今天我在我的ubuntu-server中安装了fail2ban。 在此之后我不得不添加以下.conf我在githunb上的fail2ban: /etc/config/filter.d/lighttpd.conf
# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module
#
[Definition]
failregex = ^: \(http_auth\.c\.\d+\) (password doesn\'t match .* username: .*|digest: auth failed for .*: wrong password|get_password failed), IP: <HOST>\s*$
ignoreregex =
# Author: Francois Boulogne <fboulogne@april.org>
在此之后,我将以下几行添加到我的Jail.conf中:
[lighttpd-auth]
enabled = false
filter = lighttpd-auth
action = iptables[name=lighttpd-auth, port="http,https"]
# adapt the following two items as needed
logpath = /var/log/lighttpd/error.log
maxretry = 2
现在我有以下问题,fail2ban可以找到错误的登录,但无法禁止攻击者IP -.- 这里是我的file2ban.log
中的行2013-11-05 18:23:24,710 fail2ban.actions.action: ERROR iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,747 fail2ban.actions: WARNING [lighttpd-auth] Ban 9.999.999.99
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2013-11-05 18:23:59,756 fail2ban.actions.action: ERROR iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,758 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,758 fail2ban.actions.action: CRITICAL Unable to restore environment
2013-11-05 18:24:01,760 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:02,762 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:04,764 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
任何人都可以帮助我吗?
答案 0 :(得分:0)
原因是fail2ban正在调用iptables错误。
-dport http,https选项不适用于两个端口。它给出了:
iptables v1.4.20: invalid port/service `http,https' specified.
正确的电话会是
iptables [...] -m multiport -dports "http,https" [...]
修改fail2ban配置,使其使用正确的调用。它的工作原理如下:
action = iptables[name=lighttpd-auth, m=multiport ports="http,https"]