I'm using DirectAdmin on an Ubuntu server. I recently installed Fail2Ban, but I'm still getting "brute force attack" e-mails from DirectAdmin. My jail.conf (only the auth.log jails!):
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[pam-generic]
enabled = false
filter = pam-generic
port = all
banaction = iptables-allports
port = anyport
logpath = /var/log/auth.log
maxretry = 6
[ssh-ddos]
enabled = false
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
My auth.log (part of it):
Mar 12 05:31:29 server sshd[24203]: Invalid user justin from 59.148.193.108
Mar 12 05:31:29 server sshd[24203]: input_userauth_request: invalid user justin [preauth]
Mar 12 05:31:29 server sshd[24203]: pam_unix(sshd:auth): check pass; user unknown
Mar 12 05:31:29 server sshd[24203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=059148193108.ctinets.com
Mar 12 05:31:31 server sshd[24203]: Failed password for invalid user justin from 59.148.193.108 port 36573 ssh2
Mar 12 05:31:31 server sshd[24203]: Received disconnect from 59.148.193.108: 11: Bye Bye [preauth]
Mar 12 07:38:29 server sshd[30093]: reverse mapping checking getaddrinfo for 221.51.174.61.dial.wz.zj.dynamic.163data.com.cn [61.174.51.221] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 12 07:38:30 server sshd[30093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.221 user=admin
Mar 12 07:38:32 server sshd[30093]: Failed password for admin from 61.174.51.221 port 4413 ssh2
Mar 12 07:38:44 server sshd[30093]: message repeated 5 times: [ Failed password for admin from 61.174.51.221 port 4413 ssh2]
Mar 12 07:38:44 server sshd[30093]: Disconnecting: Too many authentication failures for admin [preauth]
Mar 12 07:38:44 server sshd[30093]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.221 user=admin
Mar 12 07:38:44 server sshd[30093]: PAM service(sshd) ignoring max retries; 6 > 3
I read somewhere that it could have something to do with the date format, but after looking into it, they fixed that in newer versions of fail2ban.
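
An added example (not part of the original post, and not fail2ban's own matching code): it counts failed SSH passwords per source address in the posted excerpt, with and without expanding syslog's "message repeated N times" wrapper, and compares the totals with the jail's maxretry = 6. The regexes and function names are simplified assumptions, and the time window is ignored.

```python
import re
from collections import Counter

MAXRETRY = 6  # from the [ssh] jail in the post

# Lines copied from the auth.log excerpt in the post.
SAMPLE_LOG = """\
Mar 12 05:31:31 server sshd[24203]: Failed password for invalid user justin from 59.148.193.108 port 36573 ssh2
Mar 12 07:38:32 server sshd[30093]: Failed password for admin from 61.174.51.221 port 4413 ssh2
Mar 12 07:38:44 server sshd[30093]: message repeated 5 times: [ Failed password for admin from 61.174.51.221 port 4413 ssh2]
Mar 12 07:38:44 server sshd[30093]: Disconnecting: Too many authentication failures for admin [preauth]
"""

# Simplified patterns written for this example (assumptions, not fail2ban's sshd filter).
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: ")
FAILED = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
REPEATED = re.compile(r"message repeated (\d+) times: \[\s*(.*)\]\s*$")


def count_failures(log_text, expand_repeats):
    """Count failed-password events per source IP.

    expand_repeats=False counts only lines whose message starts with the
    failure text; True also unwraps "message repeated N times: [ ... ]".
    """
    counts = Counter()
    for line in log_text.splitlines():
        prefix = PREFIX.match(line)
        if not prefix:
            continue
        msg, times = line[prefix.end():], 1
        rep = REPEATED.match(msg)
        if rep:
            if not expand_repeats:
                continue  # the wrapper line is not counted in strict mode
            times, msg = int(rep.group(1)), rep.group(2)
        hit = FAILED.match(msg)
        if hit:
            counts[hit.group(1)] += times
    return counts


def hosts_over_limit(counts, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (assumed ban threshold)."""
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for mode in (False, True):
        c = count_failures(SAMPLE_LOG, mode)
        print(mode, dict(c), hosts_over_limit(c))
```
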