%20is%20running%3F.png)
我不确定我的 fail2ban 是否正在运行。我如何知道它当前是否正在运行?
另外,我如何知道它是否在启动时运行?
答案1
我将使用 fail2ban 的客户端进行检查,因为它不仅会告诉您服务器是否正在运行,还会告诉您哪些 jail 已启用,这是同样重要的信息,因为如果未启用特定的 jail,fail2ban 不会监视并对其进行禁止。
检查服务:
$ sudo fail2ban-client status
答案2
/var/log/fail2ban.log您应该会看到已启动的信息fail2ban。您还会看到与 fail2ban 活动相关的输出。
To see whether the process is currently running, use pgrep or ps :
$ pgrep fail2ban -fl
11189 fail2ban-server
<impressive_space_tag>
$ ps -efww | egrep fail2ban
root 11189 2662 0 16:29 ? 00:00:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid
If you installed fail2ban via the package manager or software center, you should see entries in the /etc/rc* directories for fail2ban, which indicate (on default settings and without customization) that it will run on startup.
$ find /etc/rc* | grep fail2
/etc/rc0.d/K99fail2ban
/etc/rc1.d/K99fail2ban
/etc/rc2.d/S99fail2ban
/etc/rc3.d/S99fail2ban
/etc/rc4.d/S99fail2ban
/etc/rc5.d/S99fail2ban
/etc/rc6.d/K99fail2ban
答案3
You can use:
[romano@pern:~] % ps augx | grep fail2ban
root 1374 0.0 0.2 265592 9956 ? Sl jul29 0:12 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid
If you set up correctly a mail address where to send info, you'll receive a mail at startup and shutdown of the system, and one mail for any action (banning an ip, etc.)
There is interesting info in this blog.