
I have tried fail2ban on my server at least 10 times, and most of the time it does not ban the IP.

In my jail.local:

[ssh]

enabled  = true
port     = ssh,some_port_number
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 2
bantime = 180

On my server, I install fail2ban and configure it from my sh file:

sudo apt-get -y install fail2ban
sudo cp custom_jail.local /etc/fail2ban/jail.local
sudo service fail2ban restart

I have also set RepeatedMsgReduction in rsyslog.conf and run service rsyslog restart.

After the failed SSH logins (the max retry limit), I am still able to log in instead of my IP being banned.

auth.log

Jun 20 21:17:29 localhost sshd[4705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip  user=username
Jun 20 21:17:32 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:36 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Connection closed by ip [preauth]

fail2ban.log

2015-06-20 21:15:07,186 fail2ban.jail   : INFO   Jail 'ssh' stopped
2015-06-20 21:15:07,209 fail2ban.jail   : INFO   Jail 'ssh-ddos' stopped
2015-06-20 21:15:07,210 fail2ban.server : INFO   Exiting Fail2ban
2015-06-20 21:15:07,790 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.11
2015-06-20 21:15:07,791 fail2ban.jail   : INFO   Creating new jail 'ssh'
2015-06-20 21:15:07,821 fail2ban.jail   : INFO   Jail 'ssh' uses pyinotify
2015-06-20 21:15:07,846 fail2ban.jail   : INFO   Initiated 'pyinotify' backend
2015-06-20 21:15:07,848 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2015-06-20 21:15:07,849 fail2ban.filter : INFO   Set maxRetry = 2
2015-06-20 21:15:07,850 fail2ban.filter : INFO   Set findtime = 600
2015-06-20 21:15:07,850 fail2ban.actions: INFO   Set banTime = 180
2015-06-20 21:15:07,884 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
2015-06-20 21:15:07,884 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses pyinotify
2015-06-20 21:15:07,891 fail2ban.jail   : INFO   Initiated 'pyinotify' backend
2015-06-20 21:15:07,893 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2015-06-20 21:15:07,894 fail2ban.filter : INFO   Set maxRetry = 2
2015-06-20 21:15:07,894 fail2ban.filter : INFO   Set findtime = 600
2015-06-20 21:15:07,895 fail2ban.actions: INFO   Set banTime = 180
2015-06-20 21:15:07,901 fail2ban.jail   : INFO   Jail 'ssh' started
2015-06-20 21:15:07,907 fail2ban.jail   : INFO   Jail 'ssh-ddos' started

1 Answer


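I finally figured out why fail2ban was not banning the IP.

Previously, after editing jail.local, I restarted fail2ban.

But now I stop fail2ban first and then start fail2ban, and this works for me.

I am using Ubuntu 14.04.

Answered 2015-06-21T10:38:36.440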
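An added example, not part of the original posts and not fail2ban's own code: a small Python check that replays auth.log lines against the jail's maxretry = 2 and findtime = 600 (the values shown in fail2ban.log above) and reports when a ban would be expected. The regex is a simplified stand-in for one sshd filter pattern, and the addresses, the year and the function name `expected_bans` are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for one sshd filter pattern (assumption; not copied
# from fail2ban's filter.d/sshd.conf).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+"
)

def expected_bans(lines, maxretry=2, findtime=600, year=2015):
    """Map each host to the time its failures reach maxretry within findtime."""
    window = defaultdict(deque)   # host -> failure times still inside findtime
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # e.g. pam_unix or "Connection closed" lines
        # auth.log timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = window[m["host"]]
        hits.append(ts)
        while ts - hits[0] > timedelta(seconds=findtime):
            hits.popleft()        # drop failures older than findtime
        if len(hits) >= maxretry and m["host"] not in bans:
            bans[m["host"]] = ts
    return bans

# Constructed sample: the question's log shape with documentation addresses
# in place of the redacted "ip", plus a second host whose two failures are
# 720 seconds apart (outside findtime).
SAMPLE = """\
Jun 20 21:17:29 localhost sshd[4705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=username
Jun 20 21:17:32 localhost sshd[4705]: Failed password for username from 203.0.113.5 port 36472 ssh2
Jun 20 21:17:36 localhost sshd[4705]: Failed password for username from 203.0.113.5 port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Failed password for username from 203.0.113.5 port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Connection closed by 203.0.113.5 [preauth]
Jun 20 21:18:00 localhost sshd[4711]: Failed password for username from 198.51.100.7 port 40100 ssh2
Jun 20 21:30:00 localhost sshd[4720]: Failed password for username from 198.51.100.7 port 40102 ssh2
"""

if __name__ == "__main__":
    for host, when in expected_bans(SAMPLE.splitlines()).items():
        print(f"{host}: ban expected at {when}")
```

If this reports an expected ban time but fail2ban.log has no matching ban entry, the jail thresholds and log lines are consistent with a ban, which points at the running service rather than the jail settings.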