我已經在 CentOS 7 上安裝了fail2ban並添加了jail.local:
[sshd]
enabled = true
當我嘗試錯誤的 ssh 登入時,我會在 /var/log/secure 中收到如下日誌條目:
Jun 5 11:09:40 arsenal sshd[32595]: Connection closed by 192.168.1.202 port 61745 [preauth]
但是,除非我將其設為“調試”,否則fail2ban日誌中不會出現任何內容:
2019-06-05 11:09:40,893 fail2ban.filtersystemd [32110]: DEBUG Read systemd journal entry: '2019-06-05T11:09:40.893324arsenal sshd[32595]: Connection closed by 192.168.1.202 port 61745 [preauth]'
即使我連續多次嘗試這種錯誤的登錄,它也不會阻止任何內容:
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list: