gpt4 book ai didi

Fail2ban 不阻止 IP

转载 作者:行者123 更新时间:2023-12-04 16:02:29 24 4
gpt4 key购买 nike

我已经安装了 Fail2ban 并试图让它阻止 IP。根据日志,它检测 SSH 扫描并将 IP 地址添加到禁止列表,但我仍然可以从禁止列表中的互联网测试 IP 进行 SSH。

操作系统 = openSUSE Leap 42.2

Fail2ban v0.10.3

本地 jail :

[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.0/24

ignorecommand =
bantime = 1d
findtime = 600
maxretry = 3

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
abuseipdb[abuseipdb_apikey="my_key", abuseipdb_category="18,22"]
logpath = /var/log/messages
maxretry = 3

正在获取 IP 地址并表示其已被禁止?fail2ban.log 文件:

2018-05-01 15:21:59,207 fail2ban.filter         [20450]: INFO    [ssh-iptables] Found x.x.x.x - 2018-05-01 15:21:59
2018-05-01 15:22:02,315 fail2ban.filter [20450]: INFO [ssh-iptables] Found x.x.x.x - 2018-05-01 15:22:02
2018-05-01 15:22:02,324 fail2ban.filter [20450]: INFO [ssh-iptables] Found x.x.x.x - 2018-05-01 15:22:02
2018-05-01 15:22:02,364 fail2ban.actions [20450]: NOTICE [ssh-iptables] x.x.x.x already banned

fail2ban-client status ssh-iptables 状态

Status for the jail: ssh-iptables
|- Filter
| |- Currently failed: 1
| |- Total failed: 51
| `- File list: /var/log/messages
`- Actions
|- Currently banned: 47
|- Total banned: 437

IP 表的输出:

Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-SSH tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-SSH (1 references)
target prot opt source destination

除此之外,没有任何内容被发送到 AbuseIPDB。有什么我想念的吗?

我已经阅读了几个论坛,但似乎无法让它工作。

最佳答案

设法让它工作。重新启动 fail2ban 修复了阻塞问题。很奇怪,因为我重新加载了 fail2ban-client,但没有帮助。必须终止并重新启动该服务。

通过更改 jail.local 文件修复了 Abuseipdb

action   = iptables[name=SSH, port=ssh, protocol=tcp]
abuseipdb[abuseipdb_category="18,22"]

关于Fail2ban 不阻止 IP,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50118645/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com