Fail2ban does not block IPs trying to access my server via SSH

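There were a lot of bots trying to log in to my server as root, so I installed Fail2ban with the default settings. I installed it, but nothing changed. I checked the list of IPs in the Fail2ban jails, but there is nothing there.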

My security log is as follows:

May 19 09:11:25 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:25 localhost unix_chkpwd[6083]: password check failed for user (root)
May 19 09:11:25 localhost sshd[6080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:28 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:28 localhost unix_chkpwd[6084]: password check failed for user (root)
May 19 09:11:28 localhost sshd[6080]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:29 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:29 localhost sshd[6080]: Received disconnect from 43.255.188.160: 11:  [preauth]
May 19 09:11:29 localhost sshd[6080]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:30 localhost unix_chkpwd[6087]: password check failed for user (root)
May 19 09:11:30 localhost sshd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:30 localhost sshd[6085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:31 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:31 localhost unix_chkpwd[6088]: password check failed for user (root)
May 19 09:11:31 localhost sshd[6085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:33 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:33 localhost unix_chkpwd[6089]: password check failed for user (root)
May 19 09:11:33 localhost sshd[6085]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:36 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:36 localhost sshd[6085]: Received disconnect from 43.255.188.160: 11:  [preauth]
May 19 09:11:36 localhost sshd[6085]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:36 localhost unix_chkpwd[6093]: password check failed for user (root)
May 19 09:11:36 localhost sshd[6091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:36 localhost sshd[6091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:38 localhost sshd[6091]: Failed password for root from 43.255.188.160 port 53516 ssh2
May 19 09:11:38 localhost unix_chkpwd[6094]: password check failed for user (root)
May 19 09:11:38 localhost sshd[6091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:40 localhost sshd[6091]: Failed password for root from 43.255.188.160 port 53516 ssh2
May 19 09:11:40 localhost unix_chkpwd[6095]: password check failed for user (root)
May 19 09:11:40 localhost sshd[6091]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:42 localhost sshd[6091]: Failed password for root from 43.255.188.160 port 53516 ssh2
May 19 09:11:42 localhost sshd[6091]: Received disconnect from 43.255.188.160: 11:  [preauth]
May 19 09:11:42 localhost sshd[6091]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:43 localhost unix_chkpwd[6098]: password check failed for user (root)
May 19 09:11:43 localhost sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.160  user=root
May 19 09:11:43 localhost sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:44 localhost sshd[6096]: Failed password for root from 43.255.188.160 port 40323 ssh2
May 19 09:11:44 localhost unix_chkpwd[6099]: password check failed for user (root)
May 19 09:11:44 localhost sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
May 19 09:11:46 localhost sshd[6096]: Failed password for root from 43.255.188.160 port 40323 ssh2
May 19 09:11:46 localhost unix_chkpwd[6100]: password check failed for user (root)
May 19 09:11:46 localhost sshd[6096]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

I enabled Fail2ban (it is already marked as running).

fail2ban-client start
ERROR  Server already running

The status since yesterday is as follows:

fail2ban-client status
Status
|- Number of jail:  0
`- Jail list:

Is there something I have not done to enable Fail2ban?

Best Answer 1

As someone pointed out, I think it is good practice to use the PermitRootLogin no directive in sshd_config when you are ready.

My local jail configuration has an ssh section, but I could not find an ssh-iptables section; this one adds rules to iptables and works.

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]

logpath  = /var/log/secure
maxretry = 5
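
An added example, not part of the original answer and not fail2ban's own code: it lists which jail sections are actually enabled (the question's status output showed none) and checks whether the failures in the question's log would reach the answer's maxretry. The regular expression is a simplified stand-in for the sshd filter, the 600-second findtime is an assumed value, and the function names are hypothetical.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail section from the answer above.
JAIL_LOCAL = """
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/secure
maxretry = 5
"""
# Lines copied from the log in the question.
SAMPLE_LOG = """\
May 19 09:11:25 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:25 localhost unix_chkpwd[6083]: password check failed for user (root)
May 19 09:11:28 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:29 localhost sshd[6080]: Failed password for root from 43.255.188.160 port 52111 ssh2
May 19 09:11:31 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
May 19 09:11:33 localhost sshd[6085]: Failed password for root from 43.255.188.160 port 39053 ssh2
""".splitlines()
# Simplified stand-in for the sshd filter, not fail2ban's own failregex.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def enabled_jails(text):
    """Return {jail: settings} for sections that set enabled = true."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()
            if cp[s].getboolean("enabled", fallback=False)}

def ips_over_limit(lines, maxretry, findtime=600):
    """IPs with at least maxretry failures inside findtime seconds (assumed 600)."""
    window, recent, hits = timedelta(seconds=findtime), defaultdict(deque), set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # The syslog timestamp has no year; a fixed one is enough for time differences.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            hits.add(m.group(2))
    return hits

if __name__ == "__main__":
    for name, cfg in enabled_jails(JAIL_LOCAL).items():
        print(name, sorted(ips_over_limit(SAMPLE_LOG, int(cfg["maxretry"]))))
```

An empty result from `enabled_jails` corresponds to the "Number of jail: 0" status in the question: with no enabled jail, no log line is ever evaluated.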
