Fail2ban not listening on the correct port

Fail2ban is working, but I went to pentest my server and, for whatever reason, the Apache2 jails don't work. I checked iptables with `iptables -S`, and there are 9 entries for `-A INPUT -p tcp -m multiport --dports 22 -j f2b-default`, even though I specified the http and https ports in jails.conf.

I tried going back into jails.conf and changing http,https to 80,443, and the same thing happens. I don't know why fail2ban is adding iptables entries for port 22 for every type of jail, but nothing I do seems to fix it.

If it matters to anyone willing to help me, I'm on Debian 9.

Edit: configuration file

```ini
[INCLUDES]
before = paths-debian.conf

[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 600
findtime = 600
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
#enabled = true
filter = %(__name__)s
destemail = root@localhost
sender = fail2ban@localhost
mta = sendmail
protocol = tcp
chain = INPUT
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-multiport
banaction_allports = iptables-allports
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
action = %(action_)s

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
action = iptables-multiport
         cloudflare

[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
action = iptables-multiport
         cloudflare

[apache-auth]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
action = iptables-multiport
         cloudflare

[apache-badbots]
enabled = true
port = 80,443
logpath = %(apache_access_log)s
bantime = 172800
maxretry = 1
action = iptables-multiport
         cloudflare

[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
action = iptables-multiport
         cloudflare

[apache-overflows]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
         cloudflare

[apache-nohome]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
         cloudflare

[apache-botsearch]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
         cloudflare

[apache-fakegooglebot]
enabled = true
port = 80,443
logpath = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
action = iptables-multiport
         cloudflare

[apache-modsecurity]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 2
action = iptables-multiport
         cloudflare

[apache-shellshock]
enabled = true
port = 80,443
logpath = %(apache_error_log)s
maxretry = 1
action = iptables-multiport
         cloudflare
```
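The nine identical `--dports 22 -j f2b-default` rules follow directly from the posted file, and the added example below models why. It is not fail2ban's own code; it reproduces one behaviour of fail2ban 0.9.x (the release in Debian 9): parameters in brackets after an action name override the `[Init]` defaults of `action.d/iptables-common.conf`, and those defaults are `name = default` and `port = ssh`. An action written bare, as `action = iptables-multiport` is in every posted jail, therefore gets exactly those defaults whatever the jail's `port` says, and the nine jails that carry `enabled = true` (sshd-ddos and apache-noscript do not) each insert the same rule. The `[DEFAULT]` values are taken from the posted file; the two jail fragments, the `/etc/services` subset and the "fixed" variant (`action = %(action_)s` with `cloudflare` on the next line, so the parameterised action from `[DEFAULT]` is reused) are constructed for the example.

```python
"""
Model of how fail2ban 0.9.x (Debian 9) turns a jail's `action =` line into an
iptables rule.  Added example, not fail2ban's code: it reproduces only the
piece that matters here.  Bracketed parameters after an action name override
the [Init] defaults of action.d/iptables-common.conf; a bare action name keeps
those defaults, which are name = default and port = ssh.
"""
import re
from configparser import RawConfigParser

# [Init] defaults of action.d/iptables-common.conf in fail2ban 0.9.x.
IPTABLES_INIT_DEFAULTS = {"name": "default", "port": "ssh",
                          "protocol": "tcp", "chain": "INPUT"}

# Constructed subset of /etc/services: `iptables -S` prints numeric ports.
SERVICES = {"ssh": "22", "http": "80", "https": "443"}

# [DEFAULT] as posted, minus keys that only matter for log reading.
DEFAULTS = """
[DEFAULT]
bantime = 600
protocol = tcp
chain = INPUT
port = 0:65535
banaction = iptables-multiport
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action = %(action_)s
"""

# Constructed jails in the posted style: `action` is replaced by bare action
# names, so the jail's own `port` is never handed to iptables-multiport.
BROKEN = DEFAULTS + """
[sshd]
enabled = true
port = ssh
action = iptables-multiport
         cloudflare

[apache-auth]
enabled = true
port = 80,443
action = iptables-multiport
         cloudflare
"""

# Constructed fix: reuse the parameterised action_ and append cloudflare.
FIXED = DEFAULTS + """
[sshd]
enabled = true
port = ssh
action = %(action_)s
         cloudflare

[apache-auth]
enabled = true
port = 80,443
action = %(action_)s
         cloudflare
"""

ACTION_RE = re.compile(r"^([\w.-]+)(?:\[(.*)\])?$")           # name[params]
PARAM_RE = re.compile(r'([\w.-]+)=(?:"([^"]*)"|([^,]*))(?:,\s*|$)')


def expand(value, scope, depth=0):
    """Expand %(key)s references the way fail2ban's reader does, with
    __name__ bound to the jail's section name."""
    if depth > 20:
        raise ValueError("interpolation loop in %r" % value)
    out = re.sub(r"%\((\w+)\)s", lambda m: scope[m.group(1)], value)
    return out if out == value else expand(out, scope, depth + 1)


def iptables_rules(jail_local):
    """Return the `iptables -S` lines the enabled jails would create."""
    cp = RawConfigParser()         # raw: interpolation is done by expand()
    cp.read_string(jail_local)
    rules = []
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        scope = dict(cp.items(jail))   # [DEFAULT] merged with the jail's keys
        scope["__name__"] = jail
        for line in expand(scope["action"], scope).splitlines():
            line = line.strip()
            if not line:
                continue
            m = ACTION_RE.match(line)
            if not m:
                raise ValueError("cannot parse action %r in [%s]" % (line, jail))
            act, params = m.groups()
            if act != "iptables-multiport":
                continue               # cloudflare etc. add no iptables rules
            opts = dict(IPTABLES_INIT_DEFAULTS)
            for pm in PARAM_RE.finditer(params or ""):
                key, quoted, bare = pm.groups()
                opts[key] = quoted if quoted is not None else bare.strip()
            ports = ",".join(SERVICES.get(p, p) for p in opts["port"].split(","))
            rules.append("-A %s -p %s -m multiport --dports %s -j f2b-%s"
                         % (opts["chain"], opts["protocol"], ports, opts["name"]))
    return rules


if __name__ == "__main__":
    for label, cfg in (("as posted", BROKEN), ("fixed", FIXED)):
        print(label)
        for rule in iptables_rules(cfg):
            print("  " + rule)
```

Run stand-alone it prints two copies of `-A INPUT -p tcp -m multiport --dports 22 -j f2b-default` for the posted style and one `f2b-sshd` plus one `f2b-apache-auth` rule with the right ports for the fixed style. On the box itself the same thing can be checked with `fail2ban-client get apache-auth actions`, which lists the actions a jail loaded, and `iptables -S | grep f2b-`: after the fix there should be one chain per jail, named after the jail, instead of nine copies of `f2b-default`.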

Port 22 is used for SSH. It's normal for Fail2ban to ban repeated connection attempts on that port. There is nothing wrong with this picture. It's working correctly.