fail2ban and the default settings are not overridden



I am setting up fail2ban,

for example to protect proftpd.

Here is the Default section of the jails.conf configuration file:

[DEFAULT]

ignoreip = 127.0.0.1

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
#      This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = admin@ee.ru

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overriden globally or per
# section within jail.local file
banaction = iptables-multiport

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

#
# Action shortcuts. To be used to define action parameter

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = "">


It does not contain the parameters bantime = 600 and maxretry = 3.

But if we look at the log with cat /var/log/fail2ban.log

we will see that these are exactly the values being set:

2011-11-04 12:18:42,086 fail2ban.jail   : INFO   Jail 'proftpd' stopped
2011-11-04 12:18:43,084 fail2ban.jail   : INFO   Jail 'ssh' stopped
2011-11-04 12:18:43,091 fail2ban.server : INFO   Exiting Fail2ban
2011-11-04 12:18:43,597 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4-SVN
2011-11-04 12:18:43,599 fail2ban.jail   : INFO   Creating new jail 'ssh'
2011-11-04 12:18:43,599 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2011-11-04 12:18:43,632 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2011-11-04 12:18:43,634 fail2ban.filter : INFO   Set maxRetry = 3
2011-11-04 12:18:43,638 fail2ban.filter : INFO   Set findtime = 604800
2011-11-04 12:18:43,640 fail2ban.actions: INFO   Set banTime = 600
2011-11-04 12:18:43,787 fail2ban.jail   : INFO   Creating new jail 'proftpd'
2011-11-04 12:18:43,787 fail2ban.jail   : INFO   Jail 'proftpd' uses poller
2011-11-04 12:18:43,790 fail2ban.filter : INFO   Added logfile = /var/log/proftpd/proftpd.log
2011-11-04 12:18:43,791 fail2ban.filter : INFO   Set maxRetry = 3
2011-11-04 12:18:43,796 fail2ban.filter : INFO   Set findtime = 604800
2011-11-04 12:18:43,797 fail2ban.actions: INFO   Set banTime = 600
2011-11-04 12:18:43,826 fail2ban.jail   : INFO   Jail 'ssh' started
2011-11-04 12:18:43,831 fail2ban.jail   : INFO   Jail 'proftpd' started


Even though in the jail sections
the values of these parameters are completely different:

[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 4

                        # one year - 365 days
bantime = 31536000
                        # 1 week
findtime = 604800

ignoreip = 127.0.0.1 192.168.0.0/24


[proftpd]

enabled  = true
port     = ftp,ftp-data
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log

                        # 5 attempts, also add the MaxLoginAttempts 5 parametr to the proftpd.conf
maxretry = 6

                        # one year - 365 days
# bantime = 31536000
bantime = 100
                        # 1 week
findtime = 604800

ignoreip = 127.0.0.1 192.168.0.0/24

I checked /etc/default, everything is clean there.

Question: why does this happen?

-- 

Best regards,
hardware and software specialist,
system administrator

Skubriev Vladimir
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Russia, Rostov Oblast, Taganrog

mobile: +7 (918) 504 38 20
skype: v.skubriev
icq: 214-800-502
www: skubriev.ru
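
An added diagnostic, not part of the original message and not fail2ban's own code: it assumes fail2ban 0.8.x reads jail files with Python 2's ConfigParser, where only a `#` or `;` in column 0 starts a comment and any other indented line continues the previous option's value, and it lists the numeric options whose parsed value is then not an integer. `parse_py2_style` and `non_integer_options` are hypothetical helper names; the sample is constructed from the [ssh] section posted above, abridged.

```python
import re

# Constructed sample: the [ssh] jail section as posted above (abridged).
SAMPLE = """\
[ssh]
enabled = true
maxretry = 4

                        # one year - 365 days
bantime = 31536000
                        # 1 week
findtime = 604800

ignoreip = 127.0.0.1 192.168.0.0/24
"""

OPTION = re.compile(r"^([^:=\s][^:=]*?)\s*[:=]\s*(.*)$")

def parse_py2_style(text):
    """Classify lines as Python 2's ConfigParser does (assumed to be the
    parser behind fail2ban 0.8.x): only '#' or ';' in column 0 starts a
    comment; any other indented line continues the previous option's value."""
    sections, cur, opt = {}, None, None
    for line in text.splitlines():
        if not line.strip() or line[0] in "#;":
            continue                              # blank or column-0 comment
        if line[0].isspace() and cur is not None and opt:
            cur[opt] += "\n" + line.strip()       # continuation line
        elif line.startswith("["):
            cur, opt = sections.setdefault(line.strip()[1:-1], {}), None
        elif cur is not None and OPTION.match(line):
            key, val = OPTION.match(line).groups()
            opt = key.strip().lower()
            cur[opt] = val.strip()
    return sections

def non_integer_options(text, names=("maxretry", "findtime", "bantime")):
    """Return {(section, option): raw value} for options int() would reject."""
    bad = {}
    for sec, opts in parse_py2_style(text).items():
        for name in names:
            raw = opts.get(name)
            if raw is not None and not re.fullmatch(r"\s*-?\d+\s*", raw):
                bad[(sec, name)] = raw
    return bad

if __name__ == "__main__":
    for (sec, name), raw in sorted(non_integer_options(SAMPLE).items()):
        print("[%s] %s = %r" % (sec, name, raw))
```

On this sample the script reports maxretry and bantime but not findtime; with the two comment lines moved to column 0 it reports nothing.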
