I installed fail2ban and configured ssh access in the /etc/fail2ban/jail.local file, as they indicate:
Code:
[sshd]
enabled = true
filter = sshd
port = ssh
banaction = iptables-multiport
bantime = -1
maxretry = 3
logpath = %(sshd_log)s
backend = %(sshd_backend)s
Code:
2022-10-09 10:48:34,233 fail2ban.server [518]: INFO --------------------------------------------------
2022-10-09 10:48:34,236 fail2ban.server [518]: INFO Starting Fail2ban v0.11.2
2022-10-09 10:48:34,239 fail2ban.observer [518]: INFO Observer start...
2022-10-09 10:48:34,307 fail2ban.database [518]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2022-10-09 10:48:34,326 fail2ban.jail [518]: INFO Creating new jail 'sshd'
2022-10-09 10:48:34,516 fail2ban.jail [518]: INFO Jail 'sshd' uses pyinotify {}
2022-10-09 10:48:34,535 fail2ban.jail [518]: INFO Initiated 'pyinotify' backend
2022-10-09 10:48:34,546 fail2ban.filter [518]: INFO maxLines: 1
2022-10-09 10:48:34,676 fail2ban.filter [518]: INFO maxRetry: 3
2022-10-09 10:48:34,677 fail2ban.filter [518]: INFO findtime: 600
2022-10-09 10:48:34,678 fail2ban.actions [518]: INFO banTime: -1
2022-10-09 10:48:34,678 fail2ban.filter [518]: INFO encoding: UTF-8
2022-10-09 10:48:34,686 fail2ban.filter [518]: INFO Added logfile: '/var/log/auth.log' (pos = 28200, hash = 48e375da737469bfc0f71c8b3c368eab57013039)
2022-10-09 10:48:34,693 fail2ban.jail [518]: INFO Jail 'sshd' started
2022-10-09 10:52:55,705 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:52:55
2022-10-09 10:53:01,617 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:01
2022-10-09 10:53:06,881 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:06
2022-10-09 10:53:07,310 fail2ban.actions [518]: NOTICE [sshd] Ban 151.68.155.119
2022-10-09 10:53:09,589 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:09
2022-10-09 10:53:09,630 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:09
2022-10-09 10:53:14,440 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:14
2022-10-09 10:53:14,812 fail2ban.actions [518]: NOTICE [sshd] 151.68.155.119 already banned
2022-10-09 10:53:16,047 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:15
2022-10-09 10:53:47,670 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:47
N.B.: ssh is configured on a port other than 22, and I am connecting remotely via PuTTY. Could it be that port = ssh refers to 22 (the default) and not to the port actually configured?
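An added example, not part of the original post: a small check that reads fail2ban.log and reports `Found` events whose auth-log timestamp is later than the `Ban` for the same jail and address, which is the pattern visible in the log above. The function name `found_after_ban` is this example's own, and the embedded sample lines are copied from the excerpt in the post.

```python
import re

# Lines copied from the fail2ban.log excerpt in the post above.
SAMPLE_LOG = """\
2022-10-09 10:53:01,617 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:01
2022-10-09 10:53:06,881 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:06
2022-10-09 10:53:07,310 fail2ban.actions [518]: NOTICE [sshd] Ban 151.68.155.119
2022-10-09 10:53:09,589 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:09
2022-10-09 10:53:14,812 fail2ban.actions [518]: NOTICE [sshd] 151.68.155.119 already banned
2022-10-09 10:53:16,047 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:15
2022-10-09 10:53:47,670 fail2ban.filter [518]: INFO [sshd] Found 151.68.155.119 - 2022-10-09 10:53:47
"""

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
EVENT = re.compile(
    rf"^(?P<ts>{STAMP}),\d+ fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    rf"\[(?P<jail>[^\]]+)\] (?P<kind>Found|Ban|Unban) (?P<ip>\S+)"
    rf"(?: - (?P<seen>{STAMP}))?"
)

def found_after_ban(lines):
    """Return {(jail, ip): [auth-log times of failures seen while banned]}."""
    banned_at = {}  # (jail, ip) -> time the Ban action was logged
    leaks = {}
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue  # startup lines, "already banned", etc.
        key = (m["jail"], m["ip"])
        if m["kind"] == "Ban":
            banned_at[key] = m["ts"]
        elif m["kind"] == "Unban":
            banned_at.pop(key, None)
        # Compare the auth-log time (after " - "), not the time fail2ban
        # processed the line, so failures that were merely read late are not
        # counted. "YYYY-MM-DD HH:MM:SS" strings sort chronologically.
        elif m["seen"] and key in banned_at and m["seen"] > banned_at[key]:
            leaks.setdefault(key, []).append(m["seen"])
    return leaks

if __name__ == "__main__":
    for (jail, ip), times in found_after_ban(SAMPLE_LOG.splitlines()).items():
        print(f"[{jail}] {ip}: {len(times)} failures after ban, last at {times[-1]}")
```

Hits after a ban mean the firewall rule does not cover the port the connections arrive on. With `banaction = iptables-multiport` the jail's `port` value has to name the port sshd actually listens on, and the service name `ssh` resolves to 22.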