Fail2ban
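Enabling jails other than SSH in fail2ban
I installed Fail2ban on my mail server.
Following the instructions, I copied jail.conf to jail.local.
This is what I have in jail.local. I have also copied the log from fail2ban's log file.
To me it looks like the other jails I enabled in jail.local are not starting, because the log file only shows the SSHD jail being started; I don't see the other jails starting.
EDIT: When I try to start it manually, it says the jail does not exist. If I try to start SSHD, it works fine and says the jail started.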
    /home/USER/Maildir# fail2ban-client start postfix
    NOK: ('postfix',)
    Sorry but the jail 'postfix' does not exist
    /home/USER/Maildir# fail2ban-client start postfix-rbl
    NOK: ('postfix-rbl',)
    Sorry but the jail 'postfix-rbl' does not exist
Here is what I have
jail.local
    [sshd]
    enable = true
    port = ssh
    logpath = %(sshd_log)s
    backend = %(sshd_backend)s
I have also enabled other services
    [postfix]
    enable = true
    mode = more
    port = smtp,465,submission
    logpath = %(postfix_log)s
    backend = %(postfix_backend)s
    maxretry = 1
    bantime = 48h

    [postfix-rbl]
    enable = true
    filter = postfix[mode=rbl]
    port = smtp,465,submission
    logpath = %(postfix_log)s
    backend = %(postfix_backend)s
    maxretry = 1

    [sendmail-auth]
    enable = true
    port = submission,465,smtp
    logpath = %(syslog_mail)s
    backend = %(syslog_backend)s
    maxretry = 1
/var/log/fail2ban.log says:
    2020-05-11 23:26:50,209 fail2ban.server [10790]: INFO Starting Fail2ban v0.10.2
    2020-05-11 23:26:50,212 fail2ban.database [10790]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
    2020-05-11 23:26:50,213 fail2ban.jail [10790]: INFO Creating new jail 'sshd'
    2020-05-11 23:26:50,226 fail2ban.jail [10790]: INFO Jail 'sshd' uses pyinotify {}
    2020-05-11 23:26:50,229 fail2ban.jail [10790]: INFO Initiated 'pyinotify' backend
    2020-05-11 23:26:50,230 fail2ban.filter [10790]: INFO maxLines: 1
    2020-05-11 23:26:50,255 fail2ban.server [10790]: INFO Jail sshd is not a JournalFilter instance
    2020-05-11 23:26:50,256 fail2ban.filter [10790]: INFO Added logfile: '/var/log/auth.log' (pos = 635398, hash = f27994565e613699182c4d7ceadd7904b0e587e4)
    2020-05-11 23:26:50,259 fail2ban.filter [10790]: INFO encoding: UTF-8
    2020-05-11 23:26:50,260 fail2ban.filter [10790]: INFO maxRetry: 2
    2020-05-11 23:26:50,260 fail2ban.filter [10790]: INFO findtime: 600
    2020-05-11 23:26:50,260 fail2ban.actions [10790]: INFO banTime: 600000
    2020-05-11 23:26:50,415 fail2ban.jail [10790]: INFO Jail 'sshd' started
    2020-05-11 23:26:50,466 fail2ban.actions [10790]: NOTICE [sshd] Restore Ban X.X.X.X
    .......
More information from fail2ban after the edit above. I tried start and reload; the jails are still not working.
    2020-05-12 03:10:25,816 fail2ban.transmitter [10790]: WARNING Command ['postfix'] has failed. Received Exception('Invalid command')
    2020-05-12 08:37:41,716 fail2ban.transmitter [10790]: WARNING Command ['[postfiadsx]'] has failed. Received Exception('Invalid command')
    2020-05-12 08:37:48,752 fail2ban.transmitter [10790]: WARNING Command ['[postfix]'] has failed. Received Exception('Invalid command')
    2020-05-12 20:10:09,314 fail2ban.transmitter [10790]: WARNING Command ['sshd'] has failed. Received Exception('Invalid command')
    2020-05-12 20:10:15,211 fail2ban.transmitter [10790]: WARNING Command ['[sshd]'] has failed. Received Exception('Invalid command')
    2020-05-12 20:16:36,680 fail2ban.transmitter [10790]: WARNING Command ['[start,', 'sshd]'] has failed. Received Exception('Invalid command')
    2020-05-12 20:34:24,968 fail2ban.transmitter [10790]: WARNING Command ['start', 'postfix'] has failed. Received UnknownJailException('postfix')
    2020-05-12 20:34:42,339 fail2ban.transmitter [10790]: WARNING Command ['start', 'postfix-rbl'] has failed. Received UnknownJailException('postfix-rbl')
    2020-05-12 20:47:09,239 fail2ban.server [10790]: INFO Reload jail postfix-rbl
    2020-05-12 20:47:09,240 fail2ban.server [10790]: INFO Reload finished.
    2020-05-12 20:47:09,240 fail2ban.transmitter [10790]: WARNING Command ['reload', 'postfix-rbl', [], [['set', 'syslogsocket', 'auto'], ['set', 'loglevel', 'INFO'], ['set', 'logtarget', '/var/log/fail2ban.log'], ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3'], ['set', 'dbpurgeage', '1d']]] has failed. Received UnknownJailEx
As I recall, the syntax should be:
    enabled = true
It's "enabled", not "enable".
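If all the other services were installed with their defaults, it should work fine. However, fail2ban seems to be having trouble reading the logs. Make sure you start fail2ban as root. Non-root users do not have access to /var/log/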
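The `enabled` versus `enable` mix-up pointed out in the first answer can be caught before restarting the service. The following is an added example, not code from the thread or from the fail2ban project: a small lint over one jail file that reports, per jail, whether the `enabled` key is actually set or a near-miss key was used instead. The function name `audit_jails`, the set of true spellings and the sample config are assumptions made for this example.

```python
import configparser
import difflib

TRUE_VALUES = {"1", "true", "yes", "on"}  # spellings treated as true in this example

# Constructed sample modelled on the jail.local in the question; the last
# jail uses the corrected key for contrast.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
enabled = false

[sshd]
enable = true
port = ssh
logpath = %(sshd_log)s

[postfix]
enable = true
mode = more
logpath = %(postfix_log)s

[postfix-rbl]
enabled = true
filter = postfix[mode=rbl]
"""

def audit_jails(text):
    """Map each jail in one config text to 'enabled', 'disabled' or 'typo:<key>'."""
    # interpolation=None keeps %(postfix_log)s literal; a dummy default_section
    # makes [DEFAULT] an ordinary section so only a jail's own keys are seen.
    cp = configparser.ConfigParser(interpolation=None, default_section="<unused>")
    cp.read_string(text)
    default = cp.get("DEFAULT", "enabled", fallback="false")
    report = {}
    for jail in cp.sections():
        if jail in ("DEFAULT", "INCLUDES"):
            continue
        # Keys that look like a misspelling of "enabled" (e.g. "enable").
        typos = [k for k in cp[jail] if k != "enabled"
                 and difflib.get_close_matches(k, ["enabled"], n=1, cutoff=0.8)]
        value = cp.get(jail, "enabled", fallback=default)
        if value.strip().lower() in TRUE_VALUES:
            report[jail] = "enabled"
        else:
            report[jail] = "typo:" + typos[0] if typos else "disabled"
    return report

if __name__ == "__main__":
    for jail, state in audit_jails(SAMPLE_JAIL_LOCAL).items():
        print(f"{jail:12} {state}")
```

Only the one file passed in is inspected. fail2ban also merges jail.conf and the files under jail.d/, so a jail flagged here can still be enabled from another file.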