fail2ban not working on CentOS 8


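I am running fail2ban on CentOS 8 with ssh and Nginx configured. When I run fail2ban-client status, both show IPs as banned, but they are not actually being blocked by firewalld. I am being bombarded with ssh attacks, but nothing happens on the firewall side. I am running "tcpdump -i any port 80 or port 443 or port 22" and see multiple failed attempts. Again, fail2ban sees them and says they are banned, but they are not actually banned. Any suggestions?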

[DEFAULT] 
ignoreip = 127.0.0.1 192.168.1.0/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd] 
enabled = true

[nginx-http-auth]
enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /var/log/gitlab/nginx/error.log

[nginx-noscript]
enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 6

[nginx-badbots]
enabled  = true
port     = http,https
filter   = nginx-badbots
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-nohome]
enabled  = true
port     = http,https
filter   = nginx-nohome
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[nginx-noproxy]
enabled  = true
port     = http,https
filter   = nginx-noproxy
logpath  = /var/log/gitlab/nginx/access.log
maxretry = 2

[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab_error.log

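Answer 1

If you are actually using firewalld, make sure to use a banaction that is compatible with firewalld, such as firewallcmd-ipset.

Answer 2

Your configuration looks fine, especially since you see the IPs listed in the output of fail2ban-client status sshd.

How are you checking whether the IP is blocked? This is how I check it on a system I am responsible for that has banned IPs.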

iptables -L f2b-sshd
Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     all  --  120.29.125.240       anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

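If it is not listed there, could it just be that it was banned and unbanned too quickly? I know your configuration is set to 6 hours, which should be long enough.

Failing that, you can also check /var/log/fail2ban.log for potentially relevant activity. For example: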

2020-12-04 09:17:07,590 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:09,883 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:12,163 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:14,381 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:16,874 fail2ban.filter         [9089]: INFO    [sshd] Found 120.29.125.240
2020-12-04 09:17:17,805 fail2ban.actions        [9089]: NOTICE  [sshd] Ban 120.29.125.240
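
Added example (not part of the original question or answers): a shell script for the check Answer 2 describes, comparing the addresses that `fail2ban-client status sshd` reports as banned with the sources listed in the `f2b-sshd` chain. The sample outputs are constructed; the address 203.0.113.7 and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Sample outputs below are constructed.

# Addresses on the "Banned IP list:" line of `fail2ban-client status <jail>` (stdin).
f2b_banned() {
    awk -F'Banned IP list:' 'NF > 1 { n = split($2, a, " "); for (i = 1; i <= n; i++) print a[i] }' | sort -u
}

# Source addresses of REJECT/DROP rules in `iptables -n -L f2b-<jail>` output (stdin).
chain_sources() {
    awk '$1 == "REJECT" || $1 == "DROP" { print $4 }' | sort -u
}

# Print each address in $1 (reported banned) that is missing from $2 (enforced).
unenforced() {
    for ip in $1; do
        printf '%s\n' "$2" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample: 203.0.113.7 is a documentation address added for illustration.
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  `- Total failed:     8
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   120.29.125.240 203.0.113.7'

SAMPLE_CHAIN='Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  120.29.125.240       0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

banned=$(printf '%s\n' "$SAMPLE_STATUS" | f2b_banned)
enforced=$(printf '%s\n' "$SAMPLE_CHAIN" | chain_sources)
missing=$(unenforced "$banned" "$enforced")

if [ -n "$missing" ]; then
    echo "Reported banned but not in the chain:"
    echo "$missing"
else
    echo "Every reported ban is present in the chain."
fi
# On a live host, feed the functions from the real commands instead:
#   fail2ban-client status sshd | f2b_banned
#   iptables -n -L f2b-sshd | chain_sources
```

A non-empty result is the symptom described in the question: fail2ban reports a ban that the packet filter is not applying.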
