我最近在Centos 7上安装了两台新的服务器。我已经启用了fail2ban的默认设置。 我已经确保它运行为ps -ax | grep fail2ban产量:
1996 ? S 0:04 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x 但是我的夜间日志看起来像这样:
sshd: Authentication Failures: root (60.173.26.165): 1070 Time(s) root (122.225.109.208): 515 Time(s) root (193.106.4.48): 391 Time(s) root (122.225.109.104): 297 Time(s) root (122.225.109.213): 286 Time(s) root (122.225.109.219): 248 Time(s) root (122.225.109.199): 220 Time(s) root (113.200.114.230): 199 Time(s) unknown (122.225.109.208): 140 Time(s) root (122.225.109.204): 133 Time(s) root (122.225.97.73): 131 Time(s) root (122.225.97.70): 119 Time(s) root (122.225.109.196): 99 Time(s) root (61.174.50.134): 87 Time(s) unknown (122.225.109.213): 67 Time(s) root (122.225.97.98): 66 Time(s) root (61.174.51.222): 65 Time(s) unknown (122.225.109.104): 65 Time(s) root (122.225.109.203): 64 Time(s) unknown (122.225.109.199): 57 Time(s) unknown (122.225.109.204): 18 Time(s) unknown (122.225.109.196): 16 Time(s) root (61.234.104.167): 8 Time(s) root (80.191.81.53): 1 Time(s) unknown (113.200.114.230): 1 Time(s) unknown (122.225.109.219): 1 Time(s) unknown (193.106.4.48): 1 Time(s) unknown (91.220.131.33): 1 Time(s)
当我用来运行拒绝主机时,我需要2到3次尝试,然后IP被禁止。 这个结果告诉我,fail2banconfiguration不正确吗?
编辑(build议由sebix)
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf Running tests ============= Use failregex file : /etc/fail2ban/filter.d/sshd.conf Use maxlines : 10 Use single line : /var/log/auth.log Results ======= Failregex: 0 total Ignoreregex: 0 total Date template hits: Lines: 1 lines, 0 ignored, 0 matched, 1 missed |- Missed line(s): | /var/log/auth.log