fail2ban执行禁止动作时“找不到命令”

时间:2019-08-20 02:00:25

标签: ruby fail2ban

fail2ban的操作之一配置为运行ruby脚本;但是,尝试执行带有“找不到命令”错误的红宝石脚本时,fail2ban失败。我不明白此错误,因为我提供了ruby脚本的完整路径,并且具有执行权限:

这是我的fail2ban动作:

[root:a17924e746f0:~]# cat /etc/fail2ban/action.d/404.conf
# Fail2Ban action configuration file for Subzero/Core

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = /root/ban_modify.rb ban <ip>
actionunban = /root/ban_modify.rb unban <ip>

以下是/root/ban_modify.rb脚本的内容:

#!/usr/bin/env ruby

command = ARGV[0]
ip_address = ARGV[1]

blacklist = File.open("/root/blacklist.txt").read.split("\n")

if command == "unban"
  if blacklist.include? "#{ip_address} deny"
    blacklist.delete "#{ip_address} deny"
  end
elsif command == "ban"
  blacklist << "#{ip_address} deny"
end

File.open("/root/blacklist.txt", "w") {|f| f.write(blacklist.join("\n"))}

非常简单。满足fail2ban条件时,Apache使用此blacklist.txt文件永久禁止个人访问Web服务器。

但是,当我发出以下命令时:sudo /usr/bin/fail2ban-client set 404 unbanip <my ip>

我收到以下错误:

2019-08-19 20:56:43,508 fail2ban.utils          [16176]: Level 39 7ff7395873f0 -- exec: ban_modify.rb ban <myip>
2019-08-19 20:56:43,509 fail2ban.utils          [16176]: ERROR   7ff7395873f0 -- stderr: '/bin/sh: 1: ban_modify.rb: not found'
2019-08-19 20:56:43,509 fail2ban.utils          [16176]: ERROR   7ff7395873f0 -- returned 127
2019-08-19 20:56:43,509 fail2ban.utils          [16176]: INFO    HINT on 127: "Command not found".  Make sure that all commands in 'ban_modify.rb ban <myip>' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2019-08-19 20:56:43,509 fail2ban.actions        [16176]: ERROR   Failed to execute ban jail '404' action '404' info 'ActionInfo({'ip': '<myip>', 'family': 'inet4', 'ip-rev': '<myip>.', 'ip-host': '<myip>', 'fid': '<myip>', 'failures': 1, 'time': 1566266203.3465006, 'matches': '', 'restored': 0, 'F-*': {'matches': [], 'failures': 1}, 'ipmatches': '', 'ipjailmatches': '', 'ipfailures': 1, 'ipjailfailures': 1})': Error banning <myip>

我不确定如果actionban指向ruby脚本的完整路径,为什么会发生此错误。

我什至尝试将/root/ban_modify.rb的内容更改为简单的puts "Hello World"。试图将禁令更改为iptables-allports,但仍然失败。似乎禁令根本行不通。

2 个答案:

答案 0 :(得分:0)

您可以启用fail2ban调试模式并检查fail2ban日志以了解更多详细信息。

# change fail2ban log level
sudo nano /etc/fail2ban/fail2ban.conf
loglevel = DEBUG 

# restart fail2ban
sudo systemctl restart fail2ban

# check logs
tail -f /var/log/fail2ban.log

答案 1 :(得分:-1)

您可以重新启动fail2ban并再次检查:

sudo systemctl restart fail2ban
相关问题
最新问题