I can't seem to get fail2ban working.
I have ufw installed and working with this status:
~$ sudo ufw status
Status: active
To Action From
-- ------ ----
25/tcp ALLOW Anywhere
2278/tcp ALLOW Anywhere
80,143,443,465,587,993/tcp ALLOW Anywhere
110,995/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
22/tcp DENY Anywhere
25/tcp (v6) ALLOW Anywhere (v6)
2278/tcp (v6) ALLOW Anywhere (v6)
80,143,443,465,587,993/tcp (v6) ALLOW Anywhere (v6)
110,995/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) DENY Anywhere (v6)
I have made no changes to the jail.conf file and only created a jail.local file.
/etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1/128
[sshd]
#mode = normal
enabled = true
bantime = 1h
port = 2278
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[postfix]
enabled = true
bantime = 1h
mode = more
port = smtp,465,submission
filter = postfix
logpath = /var/log/mail.log
[postfix-sasl]
enabled = true
bantime = 1h
maxretry = 5
filter = postfix[mode=auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
logpath = /var/log/mail.log
~$ sudo fail2ban-client status
Status
|- Number of jail: 3
`- Jail list: postfix, postfix-sasl, sshd
~$ sudo fail2ban-client status postfix
Status for the jail: postfix
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=postfix.service
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
I manually banned an IP:
~$ sudo fail2ban-client -vvv set postfix banip 1.2.3.4
+ 32 743F3BD1E080 fail2ban.configreader INFO Loading configs for fail2ban under /etc/fail2ban
+ 32 743F3BD1E080 fail2ban.configreader DEBUG Reading configs for fail2ban under /etc/fail2ban
+ 33 743F3BD1E080 fail2ban.configreader DEBUG Reading config files: /etc/fail2ban/fail2ban.conf
+ 33 743F3BD1E080 fail2ban.configparserinc INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
+ 33 743F3BD1E080 fail2ban.configparserinc TRACE Reading file: /etc/fail2ban/fail2ban.conf
+ 33 743F3BD1E080 fail2ban.configparserinc INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
+ 33 743F3BD1E080 fail2ban.configparserinc TRACE Shared file: /etc/fail2ban/fail2ban.conf
+ 34 743F3BD1E080 fail2ban INFO Using socket file /var/run/fail2ban/fail2ban.sock
+ 34 743F3BD1E080 fail2ban INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /var/log/fail2ban.log
+ 34 743F3BD1E080 fail2ban HEAVY CMD: ['set', 'postfix', 'banip', '1.2.3.4']
+ 73 743F3BD1E080 fail2ban HEAVY OK : 1
+ 73 743F3BD1E080 fail2ban.beautifier HEAVY Beautify 1 with ['set', 'postfix', 'banip', '1.2.3.4']
1
+ 73 743F3BD1E080 fail2ban DEBUG Exit with code 0
The iptables -nL command does not show that this IP was banned by fail2ban:
~$ sudo iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-before-input 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-input 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-input 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-track-input 0 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-before-forward 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-forward 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-forward 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-track-forward 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-before-output 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-after-logging-output 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-reject-output 0 -- 0.0.0.0/0 0.0.0.0/0
ufw-track-output 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
ufw-skip-to-policy-input 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ufw-skip-to-policy-input 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
ufw-skip-to-policy-input 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
ufw-skip-to-policy-input 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ufw-skip-to-policy-input 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ufw-skip-to-policy-input 0 -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ufw-user-forward 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-logging-deny 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ACCEPT 17 -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ufw-not-local 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 17 -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT 17 -- 0.0.0.0/0 239.255.255.250 udp dpt:1900
ufw-user-input 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "
Chain ufw-before-logging-input (1 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "
Chain ufw-before-logging-output (1 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT] "
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ufw-user-output 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW AUDIT INVALID] "
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
ufw-logging-deny 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
ACCEPT 17 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2278
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,143,443,465,587,993
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 110,995
ACCEPT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
DROP 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT 0 -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
The fail2ban service is running.
~$ sudo systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Tue 2024-11-12 21:09:28 CET; 1h 6min ago
Docs: man:fail2ban(1)
Main PID: 1001 (fail2ban-server)
Tasks: 9 (limit: 4556)
Memory: 49.7M (peak: 53.2M)
CPU: 10.557s
CGroup: /system.slice/fail2ban.service
└─1001 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Nov 12 21:09:28 crosis systemd[1]: Started fail2ban.service - Fail2Ban Service.
Nov 12 21:09:29 crosis fail2ban-server[1001]: 2024-11-12 21:09:29,352 fail2ban.configreader [1001]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
Nov 12 21:09:30 crosis fail2ban-server[1001]: Server ready
Am I forgetting something? Am I doing something wrong?
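A check that can be run against the output above, added here as an example and not part of the original post: fail2ban's iptables-based ban actions create one chain per jail named f2b-<jail> (for example f2b-postfix) and insert REJECT or DROP rules for banned sources into it, so a ban that worked is visible in `iptables -nL` as such a chain. The script below parses `iptables -nL` text, lists any f2b- chains and reports whether a given IP is the source of a REJECT/DROP rule anywhere. The two sample inputs are constructed: the first mirrors the shape of the poster's output (ufw chains only), the second adds a constructed f2b-postfix chain to show what a successful ban looks like; the function and variable names are my own.

```python
"""Check whether a fail2ban ban is visible in `iptables -nL` output.

Added example, not code from the original post. It parses the text format
produced by `iptables -nL`, lists chains whose name starts with "f2b-" (the
prefix fail2ban's iptables actions give the chains they create) and reports
whether a given IP is the source of a REJECT/DROP rule in any chain.
"""
import re
import subprocess
import sys
from typing import Dict, List

# Constructed sample shaped like the post's output: ufw chains, no f2b chain.
SAMPLE_NO_BAN = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  0    --  0.0.0.0/0            0.0.0.0/0
ufw-before-input  0    --  0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
DROP       6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
"""

# Constructed sample with the chain a working iptables ban action would add.
SAMPLE_WITH_BAN = SAMPLE_NO_BAN + """
Chain f2b-postfix (1 references)
target     prot opt source               destination
REJECT     0    --  1.2.3.4              0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     0    --  0.0.0.0/0            0.0.0.0/0
"""

# Matches both built-in chains ("policy DROP") and user chains ("N references").
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy \S+|\d+ references)\)")


def parse_iptables(text: str) -> Dict[str, List[dict]]:
    """Return {chain_name: [rule, ...]} parsed from `iptables -nL` text."""
    chains: Dict[str, List[dict]] = {}
    current = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        # Skip blank lines, the column header and anything before the first chain.
        if current is None or not line.strip() or line.startswith("target"):
            continue
        fields = line.split()
        if len(fields) < 5:  # target prot opt source destination [extra...]
            continue
        chains[current].append({
            "target": fields[0],
            "proto": fields[1],
            "source": fields[3],
            "destination": fields[4],
            "extra": " ".join(fields[5:]),
        })
    return chains


def fail2ban_chains(chains: Dict[str, List[dict]]) -> List[str]:
    """Names of chains created by fail2ban's iptables actions."""
    return sorted(c for c in chains if c.startswith("f2b-"))


def banned_in(chains: Dict[str, List[dict]], ip: str) -> List[str]:
    """Chains holding a REJECT/DROP rule whose source is exactly `ip`."""
    hits = []
    for name, rules in chains.items():
        if any(r["source"] == ip and r["target"] in ("REJECT", "DROP") for r in rules):
            hits.append(name)
    return sorted(hits)


def diagnose(text: str, ip: str) -> str:
    """Summarise what the iptables dump says about `ip`."""
    chains = parse_iptables(text)
    if not fail2ban_chains(chains):
        return "no-f2b-chains"          # ban action never created its chain here
    hits = banned_in(chains, ip)
    if not hits:
        return "f2b-chains-but-ip-not-banned"
    return "banned-in:" + ",".join(hits)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: sudo python3 check_ban.py 1.2.3.4
        live = subprocess.run(["iptables", "-nL"], capture_output=True,
                              text=True, check=True).stdout
        print(diagnose(live, sys.argv[1]))
    else:
        print("sample without ban:", diagnose(SAMPLE_NO_BAN, "1.2.3.4"))
        print("sample with ban:   ", diagnose(SAMPLE_WITH_BAN, "1.2.3.4"))
```

The "no-f2b-chains" result is the one the post's dump produces: the ban command returned OK, but no f2b- chain exists in the iptables filter table, so whatever action the jail is using did not put its rule there. `fail2ban-client get postfix actions` prints the action names configured for the jail; if it is one of the nftables actions, the ban lives in an nft table that `iptables -nL` does not list and `nft list ruleset` is where to look instead.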