How do I tell if my brute force protection (fail2ban) is running?

How do I tell if my brute force protection (fail2ban) is running?

我不确定我的 fail2ban 是否正在运行。我如何知道它当前是否正在运行?

另外,我如何知道它是否在启动时运行?

答案1

我将使用 fail2ban 的客户端进行检查,因为它不仅会告诉您服务器是否正在运行,还会告诉您哪些 jail 已启用,这是同样重要的信息,因为如果未启用特定的 jail,fail2ban 不会监视并对其进行禁止。

检查服务:

$ sudo fail2ban-client status

答案2

/var/log/fail2ban.log您应该会看到已启动的信息fail2ban。您还会看到与 fail2ban 活动相关的输出。

To see whether the process is currently running, use pgrep or ps :

$ pgrep fail2ban -fl
11189 fail2ban-server

<impressive_space_tag>

$ ps -efww | egrep fail2ban 
root 11189 2662  0 16:29 ? 00:00:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid

If you installed fail2ban via the package manager or software center, you should see entries in the /etc/rc* directories for fail2ban, which indicate (on default settings and without customization) that it will run on startup.

$ find /etc/rc* | grep fail2
/etc/rc0.d/K99fail2ban
/etc/rc1.d/K99fail2ban
/etc/rc2.d/S99fail2ban
/etc/rc3.d/S99fail2ban
/etc/rc4.d/S99fail2ban
/etc/rc5.d/S99fail2ban
/etc/rc6.d/K99fail2ban

答案3

You can use:

[romano@pern:~] % ps augx | grep fail2ban 
root      1374  0.0  0.2 265592  9956 ?        Sl   jul29   0:12 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid

If you set up correctly a mail address where to send info, you'll receive a mail at startup and shutdown of the system, and one mail for any action (banning an ip, etc.)

There is interesting info in this blog.

相关内容