Und so sieht’s dann aus, wenn fail2ban in Aktion tritt:
In der auth.log stehen dann Einträge in der Art
Mar 4 13:57:18 localhost sshd[27578]: Invalid user webmaster from 124.109.52.58
Mar 4 13:57:23 localhost sshd[27584]: Invalid user sales from 124.109.52.58
Mar 4 13:57:26 localhost sshd[27586]: Invalid user admin from 124.109.52.58
Mar 4 13:57:28 localhost sshd[27589]: Invalid user andrea from 124.109.52.58
Mar 4 13:57:35 localhost sshd[27596]: Invalid user guest from 124.109.52.58
Mar 4 13:57:36 localhost sshd[27598]: Invalid user guest1 from 124.109.52.58
Mar 4 13:59:37 localhost sshd[27600]: fatal: Timeout before authentication for 124.109.52.58
[...]
Mar 4 14:00:46 localhost sshd[27667]: Invalid user test from 200.68.75.149
Mar 4 14:00:47 localhost sshd[27657]: Invalid user test from 200.68.75.149
Mar 4 14:00:47 localhost sshd[27669]: Invalid user test from 200.68.75.149
Mar 4 14:00:47 localhost sshd[27670]: Invalid user test from 200.68.75.149
Mar 4 14:00:47 localhost sshd[27671]: Invalid user test from 200.68.75.149
Mar 4 14:00:47 localhost sshd[27672]: Invalid user test from 200.68.75.149
Mar 4 14:02:47 localhost sshd[27677]: fatal: Timeout before authentication for 200.68.75.149
Iptables verwirft also erfolgreich:
# iptables -L fail2ban-ssh
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP 0 -- mail.forvis.com.ar anywhere
DROP 0 -- mbl-109-52-58.dsl.net.pk anywhere
RETURN 0 -- anywhere anywhere
Hi,
vielen Dank das du mich auf das hervorragende Tool aufmerksam gemacht hast. Das kann ich gut gebrauchen, und bietet viel Schutz für wenig Aufwand.
-Diego
Coole