它的工作,就像3000次左右的5次。
在使用apt-get安装的Debian上运行,只添加下面的jail.local文件
猫jail.local
[ssh] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 6 bantime = 43200 当我运行fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
我得到: Success, the total number of match is 9964
但是我的logging说只有5个禁令发生。
日志文件:
################################################################## --------------------- fail2ban-messages Begin ------------------------ Banned services with Fail2Ban: Bans:Unbans ssh: [ 5:5 ] ---------------------- fail2ban-messages End ------------------------- --------------------- pam_unix Begin ------------------------ sshd: Authentication Failures: root (219.254.35.83): 1606 Time(s) root (60.12.251.5): 594 Time(s) root (174.121.45.9): 314 Time(s) root (61.29.147.194): 222 Time(s) unknown (60.12.251.5): 146 Time(s) unknown (61.29.147.194): 84 Time(s) bin (60.12.251.5): 22 Time(s) backup (61.29.147.194): 8 Time(s) mysql (61.29.147.194): 4 Time(s) backup (60.12.251.5): 2 Time(s) news (60.12.251.5): 2 Time(s) mysql (60.12.251.5): 1 Time(s) unknown (59.175.218.166): 1 Time(s) Invalid Users: Unknown Account: 231 Time(s)
我其实是想清楚它是什么,还是记得。
我没有iptable安装在盒子上,所以禁止从未奏效。
现在我切换到host.deny应该工作