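That said, the Internet is a really hostile environment.
10.42.0.182 is the IP of the ingress gateway.
As you can see, after deploying fail2ban, the number of illegitimate access attempts in one hour is now lower than what used to arrive in one minute.
These are the logs from before the deployment: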
2022-12-17_08:17:10.80548 Disconnected from invalid user demo1 10.42.0.182
port 51348 [preauth]
2022-12-17_08:17:24.07441 User root from 10.42.0.182 not allowed because not
listed in AllowUsers
2022-12-17_08:17:24.80963 Received disconnect from 10.42.0.182 port 51494:11:
Bye Bye [preauth]
2022-12-17_08:17:24.80965 Disconnected from invalid user root 10.42.0.182
port 51494 [preauth]
2022-12-17_08:17:27.59827 Invalid user demo from 10.42.0.182 port 51574
2022-12-17_08:17:27.82994 Received disconnect from 10.42.0.182 port 51574:11:
Bye Bye [preauth]
2022-12-17_08:17:27.82996 Disconnected from invalid user demo 10.42.0.182
port 51574 [preauth]
2022-12-17_08:17:36.15531 User root from 10.42.0.182 not allowed because not
listed in AllowUsers
2022-12-17_08:17:36.30548 Received disconnect from 10.42.0.182 port 51684:11:
Bye Bye [preauth]
2022-12-17_08:17:36.30551 Disconnected from invalid user root 10.42.0.182
port 51684 [preauth]
2022-12-17_08:17:42.78346 Invalid user hd from 10.42.0.182 port 51770
2022-12-17_08:17:42.96673 Received disconnect from 10.42.0.182 port 51770:11:
Bye Bye [preauth]
2022-12-17_08:17:42.96675 Disconnected from invalid user hd 10.42.0.182 port
51770 [preauth]
2022-12-17_08:17:44.25586 Invalid user eden from 10.42.0.182 port 51774
2022-12-17_08:17:44.64120 Received disconnect from 10.42.0.182 port 51774:11:
Bye Bye [preauth]
2022-12-17_08:17:44.64123 Disconnected from invalid user eden 10.42.0.182
port 51774 [preauth]
2022-12-17_08:17:53.36127 Invalid user pascal from 10.42.0.182 port 51896
2022-12-17_08:17:53.77202 Received disconnect from 10.42.0.182 port 51896:11:
Bye Bye [preauth]
2022-12-17_08:17:53.77204 Disconnected from invalid user pascal 10.42.0.182
port 51896 [preauth]
2022-12-17_08:17:55.40639 User root from 10.42.0.182 not allowed because not
listed in AllowUsers
2022-12-17_08:17:55.64848 Received disconnect from 10.42.0.182 port 51934:11:
Bye Bye [preauth]
2022-12-17_08:17:55.64851 Disconnected from invalid user root 10.42.0.182
port 51934 [preauth]
2022-12-17_08:18:01.34122 Invalid user lms from 10.42.0.182 port 51994
2022-12-17_08:18:02.19226 Received disconnect from 10.42.0.182 port 51994:11:
Bye Bye [preauth]
2022-12-17_08:18:02.19229 Disconnected from invalid user lms 10.42.0.182 port
51994 [preauth]
2022-12-17_08:18:06.93732 User root from 10.42.0.182 not allowed because not
listed in AllowUsers
2022-12-17_08:18:07.01381 Received disconnect from 10.42.0.182 port 52090:11:
Bye Bye [preauth]
2022-12-17_08:18:07.01383 Disconnected from invalid user root 10.42.0.182
port 52090 [preauth]
2022-12-17_08:18:13.99828 User root from 10.42.0.182 not allowed because not
listed in AllowUsers
2022-12-17_08:18:14.18827 Received disconnect from 10.42.0.182 port 52170:11:
Bye Bye [preauth]
These are the logs from after the deployment:
2022-12-18_13:42:51.07126 Invalid user alpha from 10.42.0.182 port 34500
2022-12-18_13:42:51.85064 Received disconnect from 10.42.0.182 port 34500:11:
Bye Bye [preauth]
2022-12-18_13:42:51.85067 Disconnected from invalid user alpha 10.42.0.182
port 34500 [preauth]
2022-12-18_13:43:10.93266 Invalid user db2inst from 10.42.0.182 port 34760
2022-12-18_13:43:10.97628 Received disconnect from 10.42.0.182 port 34760:11:
Bye Bye [preauth]
2022-12-18_13:43:10.97632 Disconnected from invalid user db2inst 10.42.0.182
port 34760 [preauth]
2022-12-18_13:46:15.33125 Invalid user user from 10.42.0.182 port 37140
2022-12-18_13:46:31.66329 Connection closed by invalid user user 10.42.0.182
port 37140 [preauth]
2022-12-18_13:51:12.80500 Invalid user testuser from 10.42.0.182 port 41006
2022-12-18_13:51:13.13223 Connection closed by invalid user testuser
10.42.0.182 port 41006 [preauth]
2022-12-18_13:51:52.89945 Invalid user sftp from 10.42.0.182 port 41520
2022-12-18_13:51:53.08527 Received disconnect from 10.42.0.182 port 41520:11:
Bye Bye [preauth]
2022-12-18_13:51:53.08528 Disconnected from invalid user sftp 10.42.0.182
port 41520 [preauth]
2022-12-18_13:53:53.53812 Invalid user testuser from 10.42.0.182 port 43082
2022-12-18_13:53:53.83396 Connection closed by invalid user testuser
10.42.0.182 port 43082 [preauth]
2022-12-18_14:05:14.61314 Invalid user ahmed from 10.42.0.182 port 51884
2022-12-18_14:05:17.93528 Disconnecting invalid user ahmed 10.42.0.182 port
51884: Change of username or service not allowed: (ahmed,ssh-connection) ->
(ai,ssh-connection) [preauth]
2022-12-18_14:05:24.37588 Invalid user ai from 10.42.0.182 port 51968
2022-12-18_14:05:27.69318 Disconnecting invalid user ai 10.42.0.182 port
51968: Change of username or service not allowed: (ai,ssh-connection) ->
(aiden,ssh-connection) [preauth]
2022-12-18_14:05:36.28860 Invalid user aiden from 10.42.0.182 port 52104
2022-12-18_14:05:39.61187 Disconnecting invalid user aiden 10.42.0.182 port
52104: Change of username or service not allowed: (aiden,ssh-connection) ->
(aim,ssh-connection) [preauth]
2022-12-18_14:05:45.89705 Invalid user aim from 10.42.0.182 port 52252
2022-12-18_14:05:49.21225 Disconnecting invalid user aim 10.42.0.182 port
52252: Change of username or service not allowed: (aim,ssh-connection) ->
(ai,ssh-connection) [preauth]
2022-12-18_14:05:56.23645 Invalid user ai from 10.42.0.182 port 52384
2022-12-18_14:05:59.54457 Disconnecting invalid user ai 10.42.0.182 port
52384: Change of username or service not allowed: (ai,ssh-connection) ->
(airflow,ssh-connection) [preauth]
2022-12-18_14:06:06.61685 Invalid user airflow from 10.42.0.182 port 52508
2022-12-18_14:06:09.92393 Connection closed by invalid user airflow
10.42.0.182 port 52508 [preauth]
2022-12-18_14:31:05.77675 User root from 10.42.0.182 not allowed because not
listed in AllowUsers
2022-12-18_14:31:05.99445 Received disconnect from 10.42.0.182 port 43498:11:
Bye Bye [preauth]
2022-12-18_14:31:05.99448 Disconnected from invalid user root 10.42.0.182
port 43498 [preauth]
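As you can see, the number of illegitimate access attempts in one hour is now lower than what used to arrive in one minute.
[ qlogic wrote: ]
: The whole point of fail2ban is to avoid seeing so many connection-attempt logs at the application layer
--
Modified: qlogic FROM 119.139.196.*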
FROM 119.139.196.*
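To put a number on the before/after comparison in the post, this added example (not part of the original post) counts failed pre-authentication SSH connections per minute or per hour from logs in the format shown above, re-joining the wrapped lines first. The function names and the sample log are constructed for illustration; because sshd only sees the ingress gateway address, the per-IP count reflects total volume rather than distinct clients.

```python
import re
from collections import Counter
from datetime import datetime

# Timestamp prefix used in the logs above, e.g. 2022-12-17_08:17:10.80548
TS = re.compile(r"^(\d{4}-\d{2}-\d{2}_\d{2}:\d{2}:\d{2})\.\d+ (.*)$")
# In the logs above, each failed connection ends with one record of these kinds.
END = re.compile(r"^(?:Disconnected from|Connection closed by|Disconnecting) "
                 r".*?(\d{1,3}(?:\.\d{1,3}){3}) port \d+.*\[preauth\]$")

# Constructed sample in the same format, wrapped the way the post's lines are.
SAMPLE = """\
2022-12-17_08:17:27.59827 Invalid user demo from 10.42.0.182 port 51574
2022-12-17_08:17:27.82994 Received disconnect from 10.42.0.182 port 51574:11:
Bye Bye [preauth]
2022-12-17_08:17:27.82996 Disconnected from invalid user demo 10.42.0.182
port 51574 [preauth]
2022-12-17_08:17:42.78346 Invalid user hd from 10.42.0.182 port 51770
2022-12-17_08:17:42.96675 Disconnected from invalid user hd 10.42.0.182 port
51770 [preauth]
2022-12-17_08:18:02.19229 Connection closed by invalid user lms
10.42.0.182 port 51994 [preauth]
2022-12-17_09:05:59.54457 Disconnecting invalid user ai 10.42.0.182 port
52384: Change of username or service not allowed: (ai,ssh-connection) ->
(airflow,ssh-connection) [preauth]
"""

def unwrap(text):
    """Re-join records whose tail was wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if TS.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def failed_connections(text, bucket="%Y-%m-%d %H"):
    """Count failed pre-auth connections keyed by (time bucket, source IP)."""
    counts = Counter()
    for record in unwrap(text):
        stamp, message = TS.match(record).groups()
        hit = END.match(message)
        if hit:
            when = datetime.strptime(stamp, "%Y-%m-%d_%H:%M:%S")
            counts[(when.strftime(bucket), hit.group(1))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(failed_connections(SAMPLE, "%Y-%m-%d %H:%M").items()):
        print(*key, n)
```

Running it over the full before and after logs with the default hourly bucket gives the figures the post compares by eye.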