fail2ban is running but has no effect; there are lots of SSH brute-force attempts.
If firewalld is not enabled, does banaction need to be changed?
```
[root@localhost ~]# cat /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 86400
findtime = 600
maxretry = 5
backend = auto
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter = sshd
port = 22
action = %(action_mwl)s
logpath = /var/log/secure
bantime = 86400
findtime = 600
maxretry = 5
[root@localhost ~]#
```
I forgot to check the log earlier. I looked today, and there is a message saying firewalld is not running.
```
2023-06-10 14:46:39,039 fail2ban.server [29059]: INFO Starting Fail2ban v0.11.2
2023-06-10 14:46:39,039 fail2ban.observer [29059]: INFO Observer start...
2023-06-10 14:46:39,042 fail2ban.database [29059]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-06-10 14:46:39,043 fail2ban.jail [29059]: INFO Creating new jail 'sshd'
2023-06-10 14:46:39,045 fail2ban.jail [29059]: INFO Jail 'sshd' uses poller {}
2023-06-10 14:46:39,045 fail2ban.jail [29059]: INFO Initiated 'polling' backend
2023-06-10 14:46:39,047 fail2ban.filter [29059]: INFO maxLines: 1
2023-06-10 14:46:39,068 fail2ban.filter [29059]: INFO maxRetry: 5
2023-06-10 14:46:39,068 fail2ban.filter [29059]: INFO findtime: 600
2023-06-10 14:46:39,068 fail2ban.actions [29059]: INFO banTime: 86400
2023-06-10 14:46:39,068 fail2ban.filter [29059]: INFO encoding: UTF-8
2023-06-10 14:46:39,068 fail2ban.filter [29059]: INFO Added logfile: '/var/log/secure' (pos = 565226, hash = 7cba875cf08c63e3c7f6ed3f1625b25f9a1a6402)
2023-06-10 14:46:39,089 fail2ban.jail [29059]: INFO Jail 'sshd' started
2023-06-10 14:46:39,102 fail2ban.actions [29059]: NOTICE [sshd] Restore Ban 106.75.81.185
2023-06-10 14:46:39,312 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0 firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports "$(echo '22' | sed s/:/-/g)" -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2023-06-10 14:46:39,312 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'ipset v7.1: Set cannot be created: set with the same name already exists'
2023-06-10 14:46:39,312 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,312 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,312 fail2ban.actions [29059]: ERROR Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '106.75.81.185', 'family': 'inet4', 'fid': at 0x7fd0bfe347b8>, 'raw-ticket': at 0x7fd0bfe34e18>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:46:39,313 fail2ban.actions [29059]: NOTICE [sshd] Restore Ban 165.22.242.64
2023-06-10 14:46:39,522 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0 firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports "$(echo '22' | sed s/:/-/g)" -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2023-06-10 14:46:39,523 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'ipset v7.1: Set cannot be created: set with the same name already exists'
2023-06-10 14:46:39,523 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,523 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,523 fail2ban.actions [29059]: ERROR Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '165.22.242.64', 'family': 'inet4', 'fid': at 0x7fd0bfe347b8>, 'raw-ticket': at 0x7fd0bfe34e18>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:46:39,523 fail2ban.actions [29059]: NOTICE [sshd] Restore Ban 170.64.150.41
2023-06-10 14:46:39,741 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0 firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports "$(echo '22' | sed s/:/-/g)" -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2023-06-10 14:46:39,741 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'ipset v7.1: Set cannot be created: set with the same name already exists'
2023-06-10 14:46:39,741 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,741 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,742 fail2ban.actions [29059]: ERROR Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '170.64.150.41', 'family': 'inet4', 'fid': at 0x7fd0bfe347b8>, 'raw-ticket': at 0x7fd0bfe34e18>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:46:49,099 fail2ban.filter [29059]: WARNING [sshd] Simulate NOW in operation since found time has too large deviation 1686437209.0 ~ 1686408409.0992186 +/- 60
2023-06-10 14:46:49,099 fail2ban.filter [29059]: WARNING [sshd] Please check jail has possibly a timezone issue. Line with odd timestamp: Jun 10 22:46:49 localhost sshd[29142]: Connection reset by 134.122.86.44 port 38026 [preauth]
2023-06-10 14:47:10,301 fail2ban.server [29059]: INFO Shutdown in progress...
2023-06-10 14:47:10,301 fail2ban.observer [29059]: INFO Observer stop ... try to end queue 5 seconds
2023-06-10 14:47:10,321 fail2ban.observer [29059]: INFO Observer stopped, 0 events remaining.
2023-06-10 14:47:10,361 fail2ban.server [29059]: INFO Stopping all jails
2023-06-10 14:47:10,362 fail2ban.filter [29059]: INFO Removed logfile: '/var/log/secure'
2023-06-10 14:47:10,382 fail2ban.actions [29059]: NOTICE [sshd] Flush ticket(s) with firewallcmd-ipset
2023-06-10 14:47:10,382 fail2ban.actions [29059]: NOTICE [sshd] Unban 106.75.81.185
2023-06-10 14:47:10,382 fail2ban.actions [29059]: NOTICE [sshd] Unban 165.22.242.64
2023-06-10 14:47:10,383 fail2ban.actions [29059]: NOTICE [sshd] Unban 170.64.150.41
2023-06-10 14:47:10,528 fail2ban.jail [29059]: INFO Jail 'sshd' stopped
2023-06-10 14:47:10,529 fail2ban.database [29059]: INFO Connection to database closed.
2023-06-10 14:47:10,529 fail2ban.server [29059]: INFO Exiting Fail2ban
```
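Added example, not part of the original issue and not fail2ban's own code: a log audit that separates bans fail2ban announced from bans whose action then failed, the condition the log above shows with `FirewallD is not running`. The sample lines are constructed in the same format with documentation-range addresses, and the names `audit_bans`, `BAN`, `STDERR` and `FAILED` are assumptions.

```python
import re

# Constructed sample in the format of the log above (documentation-range IPs).
SAMPLE_LOG = """\
2023-06-10 14:46:39,102 fail2ban.actions [29059]: NOTICE [sshd] Restore Ban 192.0.2.10
2023-06-10 14:46:39,312 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,312 fail2ban.utils [29059]: ERROR 7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,312 fail2ban.actions [29059]: ERROR Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '192.0.2.10', 'family': 'inet4'})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:50:01,000 fail2ban.actions [29059]: NOTICE [sshd] Ban 198.51.100.7
"""

# "Ban" and "Restore Ban" notices; "Unban" does not match because of the "] " prefix.
BAN = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\] (?:Restore )?Ban (?P<ip>\S+)")
# stderr captured from the action's shell command.
STDERR = re.compile(r"ERROR\s+\S+ -- stderr: '(?P<msg>.*)'\s*$")
# The final verdict line naming jail, action and the affected IP.
FAILED = re.compile(
    r"ERROR\s+Failed to execute ban jail '(?P<jail>[^']+)' "
    r"action '(?P<action>[^']+)' info .*?'ip': '(?P<ip>[^']+)'"
)

def audit_bans(log_text):
    """Split announced bans into (applied, failed) by whether the ban action errored."""
    applied, failed, stderr = set(), {}, []
    for line in log_text.splitlines():
        if m := BAN.search(line):
            key = (m["jail"], m["ip"])
            applied.add(key)         # provisional until a failure line follows
            failed.pop(key, None)    # a fresh ban attempt supersedes an old failure
            stderr = []
        elif m := STDERR.search(line):
            stderr.append(m["msg"])
        elif m := FAILED.search(line):
            key = (m["jail"], m["ip"])
            applied.discard(key)
            failed[key] = {"action": m["action"], "stderr": stderr}
            stderr = []
    return sorted(applied), failed

if __name__ == "__main__":
    applied, failed = audit_bans(SAMPLE_LOG)
    for (jail, ip), info in failed.items():
        print(f"NOT ENFORCED [{jail}] {ip} via {info['action']}: {'; '.join(info['stderr'])}")
    for jail, ip in applied:
        print(f"ok           [{jail}] {ip}")
```

Any entry in `failed` means fail2ban logged a ban for that address but the firewall rule was never installed, so the jail's banaction has to match a firewall backend that is actually running on the host.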