sshd我在 CentOS 上啟用了fail2ban 設定。它正在很好地讀取日誌。使用 SSH 進行一些測試,從遠端伺服器登入失敗:
Nov 23 20:51:52 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:51:55 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:51:58 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:52:07 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.22
Nov 23 20:52:07 new fail2ban.actions[29090]: NOTICE [sshd] 199.180.250.xx already banned
Nov 23 20:52:10 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
Nov 23 20:52:13 new fail2ban.filter[29090]: INFO [sshd] Found 199.180.250.xx
即使超過禁令,連接似乎也是被允許的。我查看了 iptables,它看起來是正確的:
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 199.180.250.xx 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
連接不是持久的。遠端伺服器仍然可以開啟與執行fail2ban 的該伺服器的 SSH 會話。
我還缺什麼?
完整的 iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd-ddos tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:200xyz flags:0x17/0x02
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 199.180.250.xx 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd-ddos (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
答案1
在配置中,port = ssh必須變更為自訂 SSH 連接埠。
我原以為 Linux 會知道 SSH 連接埠的定義,fail2ban 會遵循該系統配置,但我錯了。