Why does fail2ban 0.8 fail to start properly on Debian 7 Wheezy x64?

Hi,

I am trying to configure fail2ban to work with APF. But first, it would be really nice if fail2ban could start.

    root@akdom:/var/log# /etc/init.d/fail2ban start
    [ ok ] Starting authentication failure monitor: fail2ban.
    root@akdom:/var/log# /etc/init.d/fail2ban status
    [FAIL] Status of authentication failure monitor:[....] fail2ban is not running ... failed!
    root@akdom:/var/log#

/etc/fail2ban/jail.local (jail.conf has the same content)

    [DEFAULT]
    ignoreip = 127.0.0.1/8
    bantime = 600
    maxretry = 3
    findtime = 600
    backend = auto

    #
    # ACTIONS
    #
    banaction = apf
    mta = sendmail
    protocol = tcp
    chain = INPUT
    action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(cha$
    action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$
                %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%($
                 %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $
    action = %(action_)s

    #JAIL
    [ssh]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 6

    [ssh-iptables]
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
    logpath = /var/log/auth.log
    maxretry = 5

fail2ban.conf

    socket = /var/run/fail2ban/fail2ban.sock (This file doesn't exist, perhaps because fail2ban is not launched properly)

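This is important to me, because China loves my server's IP (according to auth.log) :)

Looking on DuckDuckGo, I found some troubleshooting information: I tried removing and reinstalling. fail2ban-regex works perfectly and returns more than 10000 results for the past 2 days. The auth.log path is valid.

Now I am thinking about installing the pre-release version 0.9 to see whether it works.

Any ideas to make it work?

Thanks

EDIT: set -x in /etc/init.d/fail2ban

Command: /etc/init.d/fail2ban start

/var/log/fail2ban.log is still empty.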

    root@akdom:/etc/fail2ban# /etc/init.d/fail2ban start
    + DESC=authentication failure monitor
    + NAME=fail2ban
    + DAEMON=/usr/bin/fail2ban-client
    + SCRIPTNAME=/etc/init.d/fail2ban
    + grep+ sed -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local -es/.*socket *= *//g -es/ *$//g
    + tail -n 1
    + SOCKFILE=/var/run/fail2ban/fail2ban.sock
    + [ -z /var/run/fail2ban/fail2ban.sock ]
    + [ -x /usr/bin/fail2ban-client ]
    + FAIL2BAN_USER=root
    + [ -r /etc/default/fail2ban ]
    + . /etc/default/fail2ban
    + FAIL2BAN_OPTS=
    + DAEMON_ARGS=
    + [ -f /etc/default/rcS ]
    + . /etc/default/rcS
    + . /lib/lsb/init-functions
    + run-parts --lsbsysinit --list /lib/lsb/init-functions.d
    + [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
    + . /lib/lsb/init-functions.d/20-left-info-blocks
    + FANCYTTY=
    + [ -e /etc/lsb-base-logging.sh ]
    + true
    + command=start
    + [ != no ]
    + log_daemon_msg Starting authentication failure monitor fail2ban
    + [ -z Starting authentication failure monitor ]
    + log_daemon_msg_pre Starting authentication failure monitor fail2ban
    + log_use_fancy_output
    + TPUT=/usr/bin/tput
    + EXPR=/usr/bin/expr
    + [ -t 1 ]
    + [ xxterm != x ]
    + [ xxterm != xdumb ]
    + [ -x /usr/bin/tput ]
    + [ -x /usr/bin/expr ]
    + /usr/bin/tput hpa 60
    + /usr/bin/tput setaf 1
    + [ -z ]
    + FANCYTTY=1
    + true
    + /bin/echo -n [....] [....]
    + [ -z fail2ban ]
    + /bin/echo -n Starting authentication failure monitor: fail2ban Starting authentication failure monitor: fail2ban+ log_daemon_msg_post Starting authentication failure monitor fail2ban
    + :
    + do_start start
    + do_status
    + /usr/bin/fail2ban-client ping
    + return 255
    + [ -e /var/run/fail2ban/fail2ban.sock ]
    + [ -d /var/run/fail2ban ]
    + [ root != root ]
    + start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
    + return 2
    + [ != no ]
    + log_end_msg_wrapper 0 2
    + [ 0 -lt 2 ]
    + value=0
    + log_end_msg 0
    + [ -z 0 ]
    + local retval
    + retval=0
    + log_end_msg_pre 0
    + log_use_fancy_output
    + TPUT=/usr/bin/tput
    + EXPR=/usr/bin/expr
    + [ -t 1 ]
    + [ xxterm != x ]
    + [ xxterm != xdumb ]
    + [ -x /usr/bin/tput ]
    + [ -x /usr/bin/expr ]
    + /usr/bin/tput hpa 60
    + /usr/bin/tput setaf 1
    + [ -z 1 ]
    + true
    + true
    + /usr/bin/tput setaf 1
    + RED=
    + /usr/bin/tput setaf 2
    + GREEN=
    + /usr/bin/tput setaf 3
    + YELLOW=
    + /usr/bin/tput op
    + NORMAL=
    + /usr/bin/tput civis
    + /usr/bin/tput sc
    + /usr/bin/tput hpa 0
    + [ 0 -eq 0 ]
    + /bin/echo -ne [ ok [ ok
    + /usr/bin/tput rc
    + /usr/bin/tput cnorm
    + log_use_fancy_output
    + TPUT=/usr/bin/tput
    + EXPR=/usr/bin/expr
    + [ -t 1 ]
    + [ xxterm != x ]
    + [ xxterm != xdumb ]
    + [ -x /usr/bin/tput ]
    + [ -x /usr/bin/expr ]
    + /usr/bin/tput hpa 60
    + /usr/bin/tput setaf 1
    + [ -z 1 ]
    + true
    + true
    + /usr/bin/tput setaf 1
    + RED=
    + /usr/bin/tput setaf 3
    + YELLOW=
    + /usr/bin/tput op
    + NORMAL=
    + [ 0 -eq 0 ]
    + echo . .
    + log_end_msg_post 0
    + :
    + return 0
    + :
    root@akdom:/etc/fail2ban#

EDIT

iptables rules

    root@akdom:~# iptables -L -n --line-numbers
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination
    root@akdom:~#

/etc/init.d/fail2ban restart

    root@akdom:~# /etc/init.d/fail2ban restart
    + DESC=authentication failure monitor
    + NAME=fail2ban
    + DAEMON=/usr/bin/fail2ban-client
    + SCRIPTNAME=/etc/init.d/fail2ban
    + tail -n 1
    + sed -es/.*socket *= *//g -es/ *$//g
    + grep -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
    + SOCKFILE=/var/run/fail2ban/fail2ban.sock
    + [ -z /var/run/fail2ban/fail2ban.sock ]
    + [ -x /usr/bin/fail2ban-client ]
    + FAIL2BAN_USER=root
    + [ -r /etc/default/fail2ban ]
    + . /etc/default/fail2ban
    + FAIL2BAN_OPTS=
    + DAEMON_ARGS=
    + [ -f /etc/default/rcS ]
    + . /etc/default/rcS
    + . /lib/lsb/init-functions
    + run-parts --lsbsysinit --list /lib/lsb/init-functions.d
    + [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
    + . /lib/lsb/init-functions.d/20-left-info-blocks
    + FANCYTTY=
    + [ -e /etc/lsb-base-logging.sh ]
    + true
    + command=restart
    + log_daemon_msg Restarting authentication failure monitor fail2ban
    + [ -z Restarting authentication failure monitor ]
    + log_daemon_msg_pre Restarting authentication failure monitor fail2ban
    + log_use_fancy_output
    + TPUT=/usr/bin/tput
    + EXPR=/usr/bin/expr
    + [ -t 1 ]
    + [ xxterm != x ]
    + [ xxterm != xdumb ]
    + [ -x /usr/bin/tput ]
    + [ -x /usr/bin/expr ]
    + /usr/bin/tput hpa 60
    + /usr/bin/tput setaf 1
    + [ -z ]
    + FANCYTTY=1
    + true
    + /bin/echo -n [....] [....]
    + [ -z fail2ban ]
    + /bin/echo -n Restarting authentication failure monitor: fail2ban Restarting authentication failure monitor: fail2ban+ log_daemon_msg_post Restarting authentication failure monitor fail2ban
    + :
    + do_stop
    + /usr/bin/fail2ban-client status
    + return 1
    + do_start
    + do_status
    + /usr/bin/fail2ban-client ping
    + return 255
    + [ -e /var/run/fail2ban/fail2ban.sock ]
    + [ -d /var/run/fail2ban ]
    + [ root != root ]
    + start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
    + return 2
    + log_end_msg_wrapper 2 1
    + [ 2 -lt 1 ]
    + value=1
    + log_end_msg 1
    + [ -z 1 ]
    + local retval
    + retval=1
    + log_end_msg_pre 1
    + log_use_fancy_output
    + TPUT=/usr/bin/tput
    + EXPR=/usr/bin/expr
    + [ -t 1 ]
    + [ xxterm != x ]
    + [ xxterm != xdumb ]
    + [ -x /usr/bin/tput ]
    + [ -x /usr/bin/expr ]
    + /usr/bin/tput hpa 60
    + /usr/bin/tput setaf 1
    + [ -z 1 ]
    + true
    + true
    + /usr/bin/tput setaf 1
    + RED=
    + /usr/bin/tput setaf 2
    + GREEN=
    + /usr/bin/tput setaf 3
    + YELLOW=
    + /usr/bin/tput op
    + NORMAL=
    + /usr/bin/tput civis
    + /usr/bin/tput sc
    + /usr/bin/tput hpa 0
    + [ 1 -eq 0 ]
    + [ 1 -eq 255 ]
    + /bin/echo -ne [FAIL [FAIL+ /usr/bin/tput rc
    + /usr/bin/tput cnorm
    + log_use_fancy_output
    + TPUT=/usr/bin/tput
    + EXPR=/usr/bin/expr
    + [ -t 1 ]
    + [ xxterm != x ]
    + [ xxterm != xdumb ]
    + [ -x /usr/bin/tput ]
    + [ -x /usr/bin/expr ]
    + /usr/bin/tput hpa 60
    + /usr/bin/tput setaf 1
    + [ -z 1 ]
    + true
    + true
    + /usr/bin/tput setaf 1
    + RED=
    + /usr/bin/tput setaf 3
    + YELLOW=
    + /usr/bin/tput op
    + NORMAL=
    + [ 1 -eq 0 ]
    + [ 1 -eq 255 ]
    + /bin/echo -e failed! failed!
    + log_end_msg_post 1
    + :
    + return 1
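The two traces above differ in one detail: on `start`, `+ return 2` is followed by `+ [ != no ]` and then `log_end_msg_wrapper 0 2`, which prints `[ ok ]`, while on `restart` the call is `log_end_msg_wrapper 2 1` and prints `[FAIL]`. The sketch below is an added example, not part of the original post and not the Debian init script: it reproduces that pattern with constructed stand-in functions and adds a running check (the hypothetical `fail2ban_alive`) that does not depend on the status line. It assumes the `0` passed on `start` is the exit status of the intervening `[ != no ]` test.

```sh
#!/bin/sh
# Added illustration with constructed stand-ins; not the Debian init script.
set +e          # the pattern needs errexit off, or the failing do_start would abort
VERBOSE=""      # empty, which is why the trace shows "+ [ != no ]"

do_start() { return 2; }        # stand-in: 2 = daemon could not be started

# Same mapping as in the trace: "ok" when $1 < $2, otherwise "FAIL".
log_end_msg_wrapper() {
    if [ "$1" -lt "$2" ]; then echo ok; else echo FAIL; fi
}

# Assumed shape of the "start" branch: the VERBOSE test runs between do_start
# and the expansion of $?, so $? holds the test's status (0) instead of 2.
start_clobbered() {
    do_start
    [ "$VERBOSE" != no ] && log_end_msg_wrapper $? 2
}

# Corrected shape: save the status before any other command runs.
start_fixed() {
    do_start
    rc=$?
    [ "$VERBOSE" != no ] && log_end_msg_wrapper "$rc" 2
    return "$rc"
}

# Check that does not rely on the status line: the server must answer a ping
# and its socket must exist. $1 is the socket path from fail2ban.conf.
fail2ban_alive() {
    command -v fail2ban-client >/dev/null 2>&1 || return 1
    fail2ban-client ping >/dev/null 2>&1 && [ -S "$1" ]
}

echo "clobbered: $(start_clobbered)"    # status line although the start failed
echo "fixed:     $(start_fixed)"
if fail2ban_alive /var/run/fail2ban/fail2ban.sock; then
    echo "fail2ban is running"
else
    echo "fail2ban is NOT running"
fi
```
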

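Try running the following command:

    start-stop-daemon --start --quiet --chuid fail2ban --exec /usr/bin/fail2ban-client -- start

Remove "--chuid fail2ban" if you run fail2ban as root, which is the default. This should show the errors in your configuration that prevent the server from starting.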

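Had the same problem. There are some deprecated configuration parameters in the new version of fail2ban.

The following steps solved it. First remove all configuration files and uninstall:

    apt-get remove fail2ban --purge

After that, reinstall:

    apt-get install fail2ban

After this step, your configuration will be at the default settings and should be edited according to your needs.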