Does fail2ban require firewalld to be enabled by default? #493

Open
ghost opened this issue Jun 10, 2023 · 0 comments

fail2ban is started but has no effect; there are lots of SSH brute-force attempts.

If firewalld is not enabled, does banaction need to be changed?

[root@localhost  ~]# cat /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 86400
findtime = 600
maxretry = 5
backend = auto
banaction = firewallcmd-ipset
action = %(action_mwl)s

[sshd]
enabled = true
filter  = sshd
port    = 22
action = %(action_mwl)s
logpath = /var/log/secure
bantime  = 86400
findtime = 600
maxretry = 5
[root@localhost ~]#

I forgot to check the log earlier. I looked at it today, and there is a message saying firewalld is not running.

fail2ban log
2023-06-10 14:46:39,039 fail2ban.server         [29059]: INFO    Starting Fail2ban v0.11.2
2023-06-10 14:46:39,039 fail2ban.observer       [29059]: INFO    Observer start...
2023-06-10 14:46:39,042 fail2ban.database       [29059]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-06-10 14:46:39,043 fail2ban.jail           [29059]: INFO    Creating new jail 'sshd'
2023-06-10 14:46:39,045 fail2ban.jail           [29059]: INFO    Jail 'sshd' uses poller {}
2023-06-10 14:46:39,045 fail2ban.jail           [29059]: INFO    Initiated 'polling' backend
2023-06-10 14:46:39,047 fail2ban.filter         [29059]: INFO      maxLines: 1
2023-06-10 14:46:39,068 fail2ban.filter         [29059]: INFO      maxRetry: 5
2023-06-10 14:46:39,068 fail2ban.filter         [29059]: INFO      findtime: 600
2023-06-10 14:46:39,068 fail2ban.actions        [29059]: INFO      banTime: 86400
2023-06-10 14:46:39,068 fail2ban.filter         [29059]: INFO      encoding: UTF-8
2023-06-10 14:46:39,068 fail2ban.filter         [29059]: INFO    Added logfile: '/var/log/secure' (pos = 565226, hash = 7cba875cf08c63e3c7f6ed3f1625b25f9a1a6402)
2023-06-10 14:46:39,089 fail2ban.jail           [29059]: INFO    Jail 'sshd' started
2023-06-10 14:46:39,102 fail2ban.actions        [29059]: NOTICE  [sshd] Restore Ban 106.75.81.185
2023-06-10 14:46:39,312 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports "$(echo '22' | sed s/:/-/g)" -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2023-06-10 14:46:39,312 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'ipset v7.1: Set cannot be created: set with the same name already exists'
2023-06-10 14:46:39,312 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,312 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,312 fail2ban.actions        [29059]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '106.75.81.185', 'family': 'inet4', 'fid':  at 0x7fd0bfe347b8>, 'raw-ticket':  at 0x7fd0bfe34e18>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:46:39,313 fail2ban.actions        [29059]: NOTICE  [sshd] Restore Ban 165.22.242.64
2023-06-10 14:46:39,522 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports "$(echo '22' | sed s/:/-/g)" -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2023-06-10 14:46:39,523 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'ipset v7.1: Set cannot be created: set with the same name already exists'
2023-06-10 14:46:39,523 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,523 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,523 fail2ban.actions        [29059]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '165.22.242.64', 'family': 'inet4', 'fid':  at 0x7fd0bfe347b8>, 'raw-ticket':  at 0x7fd0bfe34e18>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:46:39,523 fail2ban.actions        [29059]: NOTICE  [sshd] Restore Ban 170.64.150.41
2023-06-10 14:46:39,741 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports "$(echo '22' | sed s/:/-/g)" -m set --match-set f2b-sshd src -j REJECT --reject-with icmp-port-unreachable
2023-06-10 14:46:39,741 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'ipset v7.1: Set cannot be created: set with the same name already exists'
2023-06-10 14:46:39,741 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,741 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- killed with signal 124 (return code: 252)
2023-06-10 14:46:39,742 fail2ban.actions        [29059]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '170.64.150.41', 'family': 'inet4', 'fid':  at 0x7fd0bfe347b8>, 'raw-ticket':  at 0x7fd0bfe34e18>})': Error starting action Jail('sshd')/firewallcmd-ipset: 'Script error'
2023-06-10 14:46:49,099 fail2ban.filter         [29059]: WARNING [sshd] Simulate NOW in operation since found time has too large deviation 1686437209.0 ~ 1686408409.0992186 +/- 60
2023-06-10 14:46:49,099 fail2ban.filter         [29059]: WARNING [sshd] Please check jail has possibly a timezone issue. Line with odd timestamp: Jun 10 22:46:49 localhost sshd[29142]: Connection reset by 134.122.86.44 port 38026 [preauth]
2023-06-10 14:47:10,301 fail2ban.server         [29059]: INFO    Shutdown in progress...
2023-06-10 14:47:10,301 fail2ban.observer       [29059]: INFO    Observer stop ... try to end queue 5 seconds
2023-06-10 14:47:10,321 fail2ban.observer       [29059]: INFO    Observer stopped, 0 events remaining.
2023-06-10 14:47:10,361 fail2ban.server         [29059]: INFO    Stopping all jails
2023-06-10 14:47:10,362 fail2ban.filter         [29059]: INFO    Removed logfile: '/var/log/secure'
2023-06-10 14:47:10,382 fail2ban.actions        [29059]: NOTICE  [sshd] Flush ticket(s) with firewallcmd-ipset
2023-06-10 14:47:10,382 fail2ban.actions        [29059]: NOTICE  [sshd] Unban 106.75.81.185
2023-06-10 14:47:10,382 fail2ban.actions        [29059]: NOTICE  [sshd] Unban 165.22.242.64
2023-06-10 14:47:10,383 fail2ban.actions        [29059]: NOTICE  [sshd] Unban 170.64.150.41
2023-06-10 14:47:10,528 fail2ban.jail           [29059]: INFO    Jail 'sshd' stopped
2023-06-10 14:47:10,529 fail2ban.database       [29059]: INFO    Connection to database closed.
2023-06-10 14:47:10,529 fail2ban.server         [29059]: INFO    Exiting Fail2ban
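
Added example (not part of the original issue and not the project's own code): a Python check, built on the log format quoted above, that lists the IPs fail2ban announced as banned while the ban action itself failed, along with the captured stderr. The sample log is constructed and uses documentation-range addresses; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the fail2ban log quoted in the issue
# (documentation-range IPs, shortened ActionInfo).
SAMPLE_LOG = """\
2023-06-10 14:46:39,102 fail2ban.actions        [29059]: NOTICE  [sshd] Restore Ban 192.0.2.10
2023-06-10 14:46:39,312 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- exec: ipset create f2b-sshd hash:ip timeout 0
2023-06-10 14:46:39,312 fail2ban.utils          [29059]: ERROR   7fd0be89c270 -- stderr: 'FirewallD is not running'
2023-06-10 14:46:39,312 fail2ban.actions        [29059]: ERROR   Failed to execute ban jail 'sshd' action 'firewallcmd-ipset' info 'ActionInfo({'ip': '192.0.2.10', 'family': 'inet4'})': Error starting action
2023-06-10 14:50:01,000 fail2ban.actions        [29059]: NOTICE  [sshd] Ban 198.51.100.7
"""

# "Unban" lines do not match: the text after "] " must be "Ban" or "Restore Ban".
BAN = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\] (?:Restore )?Ban (?P<ip>\S+)")
STDERR = re.compile(r"ERROR\s+\S+ -- stderr: '(?P<msg>.*)'$")
FAILED = re.compile(
    r"ERROR\s+Failed to execute ban jail '(?P<jail>[^']+)' "
    r"action '(?P<action>[^']+)'.*?'ip': '(?P<ip>[^']+)'"
)

def audit_bans(log_text):
    """Return {jail: {"announced": set, "failed": {ip: (action, [stderr, ...])}}}."""
    report = defaultdict(lambda: {"announced": set(), "failed": {}})
    pending = []  # stderr messages seen since the last ban announcement
    for line in log_text.splitlines():
        if m := BAN.search(line):
            report[m["jail"]]["announced"].add(m["ip"])
            pending = []
        elif m := STDERR.search(line):
            pending.append(m["msg"])
        elif m := FAILED.search(line):
            report[m["jail"]]["failed"][m["ip"]] = (m["action"], pending)
            pending = []
    return dict(report)

def unenforced(log_text):
    """IPs logged as banned whose ban action errored out, grouped by jail."""
    return {jail: sorted(r["failed"])
            for jail, r in audit_bans(log_text).items() if r["failed"]}

if __name__ == "__main__":
    for jail, r in audit_bans(SAMPLE_LOG).items():
        for ip, (action, errs) in r["failed"].items():
            print(f"[{jail}] {ip} NOT blocked: {action} failed: {'; '.join(errs)}")
```

Run against the real `/var/log/fail2ban.log`, a non-empty result means the jail is counting failures and logging bans while no firewall rule is actually being installed.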