Debain 7 Wheezy x64에서 왜 failure2ban 0.8이 제대로 시작되지 않습니까?

Debain 7 Wheezy x64에서 왜 failure2ban 0.8이 제대로 시작되지 않습니까?

안녕,

APF와 작동하도록 Fail2ban을 구성하려고 합니다. 하지만 먼저 Fail2ban을 시작할 수 있다면 좋을 것 같습니다.

root@akdom:/var/log# /etc/init.d/fail2ban start
[ **ok** ] Starting authentication failure monitor: fail2ban.
root@akdom:/var/log# /etc/init.d/fail2ban status
[**FAIL**] Status of authentication failure monitor:[....] fail2ban is not running ... **failed**!
root@akdom:/var/log#

/etc/fail2ban/jail.local (jail.conf의 내용과 동일)

[DEFAULT]

ignoreip = 127.0.0.1/8
bantime  = 600
maxretry = 3

findtime = 600

backend = auto


#
# ACTIONS
#
banaction = apf

mta = sendmail
protocol = tcp
chain = INPUT

action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(cha$

action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$

action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%($
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $

action = %(action_)s

#JAIL
[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 6

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]

logpath = /var/log/auth.log

maxretry = 5

실패2ban.conf

socket = /var/run/fail2ban/fail2ban.sock (This file doesn'T exist, prehaps because fail2ban is not lauched properly)

auth.log에 따르면 중국은 내 서버 IP를 좋아하기 때문에 빠르게 설정하는 것이 중요합니다 :)

DuckDuckGo를 살펴보면서 몇 가지 문제 해결 정보를 찾았습니다. 제거하고 다시 설치해 보았습니다. failure2ban-regex는 완벽하게 작동하며 지난 2일 동안 10000개 이상의 결과를 반환합니다. auth.log 경로가 유효합니다.

이제 시험판 0.9 버전을 설치하여 작동하는지 확인하려고 합니다.

작동하게 만들 아이디어가 있나요?

감사해요

편집하다 /etc/init.d/fail2ban에 -x 설정 사용

명령: /etc/init.d/fail2ban start

/var/log/fail2ban.log는 여전히 비어 있습니다.

root@akdom:/etc/fail2ban# /etc/init.d/fail2ban start
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ grep+ sed -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local -e s/.*socket *= *//g
 -e s/ *$//g
+ tail -n 1
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=start
+ [  != no ]
+ log_daemon_msg Starting authentication failure monitor fail2ban
+ [ -z Starting authentication failure monitor ]
+ log_daemon_msg_pre Starting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Starting authentication failure monitor: fail2ban
Starting authentication failure monitor: fail2ban+ log_daemon_msg_post Starting authentication failure monitor fail2ban
+ :
+ do_start start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ [  != no ]
+ log_end_msg_wrapper 0 2
+ [ 0 -lt 2 ]
+ value=0
+ log_end_msg 0
+ [ -z 0 ]
+ local retval
+ retval=0
+ log_end_msg_pre 0
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 0 -eq 0 ]
+ /bin/echo -ne [ ok
[ ok + /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 0 -eq 0 ]
+ echo .
.
+ log_end_msg_post 0
+ :
+ return 0
+ :
root@akdom:/etc/fail2ban#

편집하다

iptables 규칙

root@akdom:~# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
root@akdom:~#

/etc/init.d/fail2ban 다시 시작

root@akdom:~# /etc/init.d/fail2ban restart
+ DESC=authentication failure monitor
+ NAME=fail2ban
+ DAEMON=/usr/bin/fail2ban-client
+ SCRIPTNAME=/etc/init.d/fail2ban
+ tail -n 1
+ sed -e s/.*socket *= *//g -e s/ *$//g
+ grep -h ^[^#]*socket *= /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
+ SOCKFILE=/var/run/fail2ban/fail2ban.sock
+ [ -z /var/run/fail2ban/fail2ban.sock ]
+ [ -x /usr/bin/fail2ban-client ]
+ FAIL2BAN_USER=root
+ [ -r /etc/default/fail2ban ]
+ . /etc/default/fail2ban
+ FAIL2BAN_OPTS=
+ DAEMON_ARGS=
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ command=restart
+ log_daemon_msg Restarting authentication failure monitor fail2ban
+ [ -z Restarting authentication failure monitor ]
+ log_daemon_msg_pre Restarting authentication failure monitor fail2ban
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....]
[....] + [ -z fail2ban ]
+ /bin/echo -n Restarting authentication failure monitor: fail2ban
Restarting authentication failure monitor: fail2ban+ log_daemon_msg_post Restarting authentication failure monitor fail2ban
+ :
+ do_stop
+ /usr/bin/fail2ban-client status
+ return 1
+ do_start
+ do_status
+ /usr/bin/fail2ban-client ping
+ return 255
+ [ -e /var/run/fail2ban/fail2ban.sock ]
+ [ -d /var/run/fail2ban ]
+ [ root != root ]
+ start-stop-daemon --start --quiet --chuid root --exec /usr/bin/fail2ban-client -- start
+ return 2
+ log_end_msg_wrapper 2 1
+ [ 2 -lt 1 ]
+ value=1
+ log_end_msg 1
+ [ -z 1 ]
+ local retval
+ retval=1
+ log_end_msg_pre 1
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -ne [FAIL
[FAIL+ /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 1 -eq 0 ]
+ [ 1 -eq 255 ]
+ /bin/echo -e  failed!
 failed!
+ log_end_msg_post 1
+ :
+ return 1

• :