며칠 전 vps를 구입하여 Centos 7을 설치했습니다. 이제 SSH에 대해 Fail2ban을 설정하려고 합니다. epel-release를 설치했습니다. 기본적으로 Iptables가 사용되었습니다. Fail2ban을 시작하려고 할 때 나타나는 내용은 다음과 같습니다.
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
Fail2ban start 디버그:
[root@server ~]# /usr/bin/fail2ban-client -v -v start
INFO Loading configs for fail2ban under /etc/fail2ban
DEBUG Reading configs for fail2ban under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
INFO Loading configs for jail under /etc/fail2ban
DEBUG Reading configs for jail under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/jail.conf,/etc/fail2ban/jail.d/00-firewalld.conf, /etc/fail2ban/jail.local
INFO Loading files: ['/etc/fail2ban/jail.conf']
INFO Loading files: ['/etc/fail2ban/paths-fedora.conf']
INFO Loading files: ['/etc/fail2ban/paths-common.conf']
INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
INFO Loading files: ['/etc/fail2ban/jail.d/00-firewalld.conf']
INFO Loading files: ['/etc/fail2ban/jail.local']
INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-fedora.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/00-firewalld.conf', '/etc/fail2ban/jail.local']
INFO Loading configs for filter.d/sshd under /etc/fail2ban
DEBUG Reading configs for filter.d/sshd under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/filter.d/sshd.conf
INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf']
INFO Loading configs for action.d/iptables-multiport under /etc/fail2ban
DEBUG Reading configs for action.d/iptables-multiport under /etc/fail2ban
DEBUG Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf
INFO Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf']
INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf']
ERROR No file(s) found for glob /var/log/secure
ERROR Failed during configuration: Have not found any log file for sshd jail
iptables를 다시 설치하려고 했지만 새로 설치한 후에도 보안 로그 파일이 누락되었습니다. VPN 공급자 설정으로 인해 발생했을 수 있습니까?
답변1
누락된 파일을 생성해 보는 것은 어떨까요?
touch /var/log/secure
chown root. /var/log/secure
chmod 0600 /var/log/secure
그 다음에:
systemctl restart fail2ban.service
/var/log/secure에서 오는 rsyslog. 다음 authpriv.* /var/log/secure항목이 있고 실행 /etc/rsyslog.conf중인지 확인하세요 rsyslog.
systemctl status rsyslog