Несколько дней назад я купил VPS и установил Centos 7 на нем. Сейчас я пытаюсь настроить fail2ban для ssh. Я установил epel-release. Iptables использовался по умолчанию. Вот что я получаю, когда пытаюсь запустить fail2ban:
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details. Отладка запуска fail2ban:
[root@server ~]# /usr/bin/fail2ban-client -v -v start INFO Loading configs for fail2ban under /etc/fail2ban DEBUG Reading configs for fail2ban under /etc/fail2ban DEBUG Reading config files: /etc/fail2ban/fail2ban.conf INFO Loading files: ['/etc/fail2ban/fail2ban.conf'] INFO Loading files: ['/etc/fail2ban/fail2ban.conf'] INFO Using socket file /var/run/fail2ban/fail2ban.sock INFO Loading configs for jail under /etc/fail2ban DEBUG Reading configs for jail under /etc/fail2ban DEBUG Reading config files: /etc/fail2ban/jail.conf,/etc/fail2ban/jail.d/00-firewalld.conf, /etc/fail2ban/jail.local INFO Loading files: ['/etc/fail2ban/jail.conf'] INFO Loading files: ['/etc/fail2ban/paths-fedora.conf'] INFO Loading files: ['/etc/fail2ban/paths-common.conf'] INFO Loading files: ['/etc/fail2ban/paths-overrides.local'] INFO Loading files: ['/etc/fail2ban/jail.d/00-firewalld.conf'] INFO Loading files: ['/etc/fail2ban/jail.local'] INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-fedora.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/00-firewalld.conf', '/etc/fail2ban/jail.local'] INFO Loading configs for filter.d/sshd under /etc/fail2ban DEBUG Reading configs for filter.d/sshd under /etc/fail2ban DEBUG Reading config files: /etc/fail2ban/filter.d/sshd.conf INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf'] INFO Loading files: ['/etc/fail2ban/filter.d/common.conf'] INFO Loading files: ['/etc/fail2ban/filter.d/common.local'] INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf'] INFO Loading configs for action.d/iptables-multiport under /etc/fail2ban DEBUG Reading configs for action.d/iptables-multiport under /etc/fail2ban DEBUG Reading config files: /etc/fail2ban/action.d/iptables-multiport.conf INFO Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf'] INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf'] INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local'] INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local'] INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf'] ERROR No file(s) found for glob /var/log/secure ERROR Failed during configuration: Have not found any log file for sshd jail Я попытался переустановить iptables, но после новой установки мне не хватает безопасного файла журнала. Это может быть вызвано настройками провайдера VPS?
Почему бы не создать отсутствующий файл?
touch /var/log/secure chown root. /var/log/secure chmod 0600 /var/log/secure Затем:
systemctl restart fail2ban.service /var/log/secureприходит от rsyslog. Убедитесь, что у вас есть authpriv.* /var/log/secureв /etc/rsyslog.confи rsyslogработает:
systemctl status rsyslog