tamo_bln
Asked: 2024-11-13 05:22:17 +0800 CST

Fail2ban enabled and active, but no rules added to iptables on Ubuntu Server 24.04

It seems I can't get fail2ban to work.

I have ufw installed and running with this status:

~$ sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
25/tcp                     ALLOW       Anywhere
2278/tcp                   ALLOW       Anywhere
80,143,443,465,587,993/tcp ALLOW       Anywhere
110,995/tcp                ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp                     DENY        Anywhere
25/tcp (v6)                ALLOW       Anywhere (v6)
2278/tcp (v6)              ALLOW       Anywhere (v6)
80,143,443,465,587,993/tcp (v6) ALLOW       Anywhere (v6)
110,995/tcp (v6)           ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
22/tcp (v6)                DENY        Anywhere (v6)

I made no changes to the jail.conf file and only created a jail.local file.

/etc/fail2ban/jail.local

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1/128

[sshd]
#mode   = normal
enabled = true
bantime = 1h
port    = 2278
filter = sshd
logpath = /var/log/auth.log
maxretry = 5



[postfix]
enabled = true
bantime = 1h
mode    = more
port    = smtp,465,submission
filter = postfix
logpath = /var/log/mail.log

[postfix-sasl]
enabled = true
bantime = 1h
maxretry = 5
filter   = postfix[mode=auth]
port     = smtp,465,submission,imap,imaps,pop3,pop3s
logpath  = /var/log/mail.log

~$ sudo fail2ban-client status
Status
|- Number of jail:      3
`- Jail list:   postfix, postfix-sasl, sshd

~$ sudo fail2ban-client status postfix
Status for the jail: postfix
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- Journal matches:  _SYSTEMD_UNIT=postfix.service
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

I manually banned an IP:

~$ sudo fail2ban-client -vvv set postfix banip 1.2.3.4
 +   32 743F3BD1E080 fail2ban.configreader     INFO  Loading configs for fail2ban under /etc/fail2ban
 +   32 743F3BD1E080 fail2ban.configreader     DEBUG Reading configs for fail2ban under /etc/fail2ban
 +   33 743F3BD1E080 fail2ban.configreader     DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
 +   33 743F3BD1E080 fail2ban.configparserinc  INFO    Loading files: ['/etc/fail2ban/fail2ban.conf']
 +   33 743F3BD1E080 fail2ban.configparserinc  TRACE     Reading file: /etc/fail2ban/fail2ban.conf
 +   33 743F3BD1E080 fail2ban.configparserinc  INFO    Loading files: ['/etc/fail2ban/fail2ban.conf']
 +   33 743F3BD1E080 fail2ban.configparserinc  TRACE     Shared file: /etc/fail2ban/fail2ban.conf
 +   34 743F3BD1E080 fail2ban                  INFO  Using socket file /var/run/fail2ban/fail2ban.sock
 +   34 743F3BD1E080 fail2ban                  INFO  Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
 +   34 743F3BD1E080 fail2ban                  HEAVY CMD: ['set', 'postfix', 'banip', '1.2.3.4']
 +   73 743F3BD1E080 fail2ban                  HEAVY OK : 1
 +   73 743F3BD1E080 fail2ban.beautifier       HEAVY Beautify 1 with ['set', 'postfix', 'banip', '1.2.3.4']
1
 +   73 743F3BD1E080 fail2ban                  DEBUG Exit with code 0

The command iptables -nL does not show that this IP was banned by fail2ban:

~$ sudo iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  0    --  0.0.0.0/0            0.0.0.0/0
ufw-before-input  0    --  0.0.0.0/0            0.0.0.0/0
ufw-after-input  0    --  0.0.0.0/0            0.0.0.0/0
ufw-after-logging-input  0    --  0.0.0.0/0            0.0.0.0/0
ufw-reject-input  0    --  0.0.0.0/0            0.0.0.0/0
ufw-track-input  0    --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-logging-forward  0    --  0.0.0.0/0            0.0.0.0/0
ufw-before-forward  0    --  0.0.0.0/0            0.0.0.0/0
ufw-after-forward  0    --  0.0.0.0/0            0.0.0.0/0
ufw-after-logging-forward  0    --  0.0.0.0/0            0.0.0.0/0
ufw-reject-forward  0    --  0.0.0.0/0            0.0.0.0/0
ufw-track-forward  0    --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  0    --  0.0.0.0/0            0.0.0.0/0
ufw-before-output  0    --  0.0.0.0/0            0.0.0.0/0
ufw-after-output  0    --  0.0.0.0/0            0.0.0.0/0
ufw-after-logging-output  0    --  0.0.0.0/0            0.0.0.0/0
ufw-reject-output  0    --  0.0.0.0/0            0.0.0.0/0
ufw-track-output  0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:137
ufw-skip-to-policy-input  17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:138
ufw-skip-to-policy-input  6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:139
ufw-skip-to-policy-input  6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:445
ufw-skip-to-policy-input  17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ufw-skip-to-policy-input  17   --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
ufw-skip-to-policy-input  0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ufw-user-forward  0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
DROP       0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 3
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 11
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 12
ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
ufw-not-local  0    --  0.0.0.0/0            0.0.0.0/0
ACCEPT     17   --  0.0.0.0/0            224.0.0.251          udp dpt:5353
ACCEPT     17   --  0.0.0.0/0            239.255.255.250      udp dpt:1900
ufw-user-input  0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ufw-user-output  0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
RETURN     0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
RETURN     0    --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
DROP       0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            ctstate NEW
ACCEPT     17   --  0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2278
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            multiport dports 80,143,443,465,587,993
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            multiport dports 110,995
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
DROP       6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        0    --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT     0    --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination

The Fail2ban service is running.

~$ sudo systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
     Active: active (running) since Tue 2024-11-12 21:09:28 CET; 1h 6min ago
       Docs: man:fail2ban(1)
   Main PID: 1001 (fail2ban-server)
      Tasks: 9 (limit: 4556)
     Memory: 49.7M (peak: 53.2M)
        CPU: 10.557s
     CGroup: /system.slice/fail2ban.service
             └─1001 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Nov 12 21:09:28 crosis systemd[1]: Started fail2ban.service - Fail2Ban Service.
Nov 12 21:09:29 crosis fail2ban-server[1001]: 2024-11-12 21:09:29,352 fail2ban.configreader   [1001]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Nov 12 21:09:30 crosis fail2ban-server[1001]: Server ready

Am I forgetting something? Am I doing something wrong?

1 answer

  1. Best Answer
    Sven Ellwanger
    2024-12-11T04:51:54+08:00

    Check your jail actions: fail2ban-client get postfix actions or fail2ban-client get sshd actions

    Your /etc/fail2ban/paths-debian.conf is probably not correct (like mine, with nftables as banactions).

    Check your /etc/fail2ban/jail.conf - #before = paths-distro.conf

    • 0
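
Following the answer's suggestion to check the jail's actions, this added example (not code from the original posts) maps each action name reported by `fail2ban-client get <jail> actions` to the command that lists its bans; with an nftables ban action the bans sit in fail2ban's own nft table, which `iptables -nL` does not list. The parsed output format and the default names `inet f2b-table` and `f2b-<jail>` are assumptions, marked as such in the comments.

```shell
#!/bin/sh
# Added example: report which firewall backend holds a fail2ban jail's bans.

# Map a fail2ban action name to the backend its rules live in.
backend_for_action() {
    case "$1" in
        nftables*) echo nft ;;
        iptables*) echo iptables ;;
        ufw*)      echo ufw ;;
        *)         echo unknown ;;
    esac
}

# Read `fail2ban-client get <jail> actions` output on stdin and print one
# action name per line. Assumed format: a header line ending in ':' followed
# by a comma-separated list of names.
parse_actions() {
    grep -v ':$' | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# For each action of jail $1 (actions text on stdin), print the command that
# lists its bans. Table and chain names are the stock defaults (assumption)
# and change if the action is configured with different ones.
where_are_bans() {
    jail=$1
    parse_actions | while IFS= read -r action; do
        case "$(backend_for_action "$action")" in
            nft)      cmd="nft list table inet f2b-table" ;;
            iptables) cmd="iptables -nL f2b-$jail" ;;
            ufw)      cmd="ufw status numbered" ;;
            *)        cmd="see /etc/fail2ban/action.d/$action.conf" ;;
        esac
        printf '%s -> %s\n' "$action" "$cmd"
    done
}

# Live use (as root): sh script.sh postfix
if [ -n "${1:-}" ] && command -v fail2ban-client >/dev/null 2>&1; then
    fail2ban-client get "$1" actions | where_are_bans "$1"
fi
```

If the reported command shows the manually banned address, fail2ban is working and only the place being inspected was wrong.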
