Fail2ban konnte unter Centos 7 nicht gestartet werden. Fehlende /var/log/secure-Datei

tag-icon tag-icon ssh centos iptables vps fail2ban
Fail2ban konnte unter Centos 7 nicht gestartet werden. Fehlende /var/log/secure-Datei

Vor ein paar Tagen habe ich vps gekauft und Centos 7 darauf installiert. Jetzt versuche ich, fail2ban für ssh einzurichten. Ich habe epel-release installiert. Standardmäßig wurde iptables verwendet. Das hier bekomme ich, wenn ich versuche, fail2ban zu starten:

 Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

Debug des Starts von fail2ban:

[root@server ~]# /usr/bin/fail2ban-client -v -v start
INFO   Loading configs for fail2ban under /etc/fail2ban
DEBUG  Reading configs for fail2ban under /etc/fail2ban
DEBUG  Reading config files: /etc/fail2ban/fail2ban.conf
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
INFO   Loading configs for jail under /etc/fail2ban
DEBUG  Reading configs for jail under /etc/fail2ban
DEBUG  Reading config files: /etc/fail2ban/jail.conf,/etc/fail2ban/jail.d/00-firewalld.conf, /etc/fail2ban/jail.local
INFO     Loading files: ['/etc/fail2ban/jail.conf']
INFO     Loading files: ['/etc/fail2ban/paths-fedora.conf']
INFO     Loading files: ['/etc/fail2ban/paths-common.conf']
INFO     Loading files: ['/etc/fail2ban/paths-overrides.local']
INFO     Loading files: ['/etc/fail2ban/jail.d/00-firewalld.conf']
INFO     Loading files: ['/etc/fail2ban/jail.local']
INFO     Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-fedora.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/00-firewalld.conf', '/etc/fail2ban/jail.local']
INFO   Loading configs for filter.d/sshd under /etc/fail2ban
DEBUG  Reading configs for filter.d/sshd under /etc/fail2ban
DEBUG  Reading config files: /etc/fail2ban/filter.d/sshd.conf
INFO     Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
INFO     Loading files: ['/etc/fail2ban/filter.d/common.conf']
INFO     Loading files: ['/etc/fail2ban/filter.d/common.local']
INFO     Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf']
INFO   Loading configs for action.d/iptables-multiport under /etc/fail2ban
DEBUG  Reading configs for action.d/iptables-multiport under /etc/fail2ban
DEBUG  Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
INFO     Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf']
INFO     Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
INFO     Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
INFO     Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
INFO     Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf']
ERROR  No file(s) found for glob /var/log/secure
ERROR  Failed during configuration: Have not found any log file for sshd jail

Ich habe versucht, iptables neu zu installieren, aber nach der Neuinstallation fehlt immer noch die sichere Protokolldatei. Kann es an den Einstellungen des VPS-Anbieters liegen?

Antwort1

Warum nicht die fehlende Datei erstellen?

touch /var/log/secure
chown root. /var/log/secure
chmod 0600 /var/log/secure

Dann:

systemctl restart fail2ban.service

/var/log/securekommt von rsyslog. Stellen Sie sicher, dass Sie authpriv.* /var/log/secureFolgendes haben /etc/rsyslog.confund rsyslogausführen:

systemctl status rsyslog

verwandte Informationen