run fail2ban in kubernetes?

Views: 93

Question

My situation at the moment: I'm setting up a mail server and just after getting it to work, the logs are flooded with "authentication failed" messages from a suspicious Iranian network trying to log in to random accounts.

After some googling I found out that fail2ban can stop those attacks, but there's one problem: how to use fail2ban in Kubernetes? My ideas:

  • I found this plugin for traefik, but it requires the traefik instance to be connected to their SaaS management service, which I don't need.
  • Installing fail2ban on the host: as Kubernetes connects multiple nodes, fail2ban on node 1 only gets the logs from this node and cannot block traffic coming in on node 2.

Is there a solution to run fail2ban in Kubernetes, maybe linked to the ingress controller, as it is possible with traefik, but without any connection to a SaaS provider?

Accepted answer

There isn't really a good way to do this, both on the log access front and, more importantly, on tweaking the iptables rules from inside a container. You could definitely use the core engine of fail2ban to build a tool around the k8s native APIs (pods/logs, NetworkPolicy); however, I don't know of any such project at the time of writing.
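The answer sketches the shape such a tool would take: gather authentication-failure lines from pods on every node (as `kubectl logs` returns them, which also addresses the per-node blind spot raised in the question), apply fail2ban's maxretry/findtime rule, and push the result through a NetworkPolicy instead of iptables. The following is an added, hypothetical example of that idea in Python; it is not fail2ban's code nor any existing project's. The log line format (a Dovecot-like `auth failed ... rip=` shape), the sample lines, the `mail` namespace, the `app: mail-server` label and the thresholds are all constructed assumptions.

```python
"""Minimal fail2ban-style ban engine on top of Kubernetes primitives (hypothetical example).

Reads auth-failure lines collected from mail pods on all nodes, applies the
maxretry-within-findtime rule, and renders a NetworkPolicy whose ingress
ipBlock `except` list carries the banned addresses as /32s.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; the "node-N" field stands in for the pod/node
# each line was collected from. Format is an assumption, not a real Dovecot log.
SAMPLE_LOGS = [
    "2024-01-10T10:00:01Z node-1 imap-login: auth failed, user=<alice>, rip=203.0.113.7",
    "2024-01-10T10:00:05Z node-2 imap-login: auth failed, user=<bob>, rip=203.0.113.7",
    "2024-01-10T10:00:09Z node-1 imap-login: auth failed, user=<carol>, rip=203.0.113.7",
    "2024-01-10T10:00:20Z node-2 imap-login: auth failed, user=<dave>, rip=203.0.113.7",
    "2024-01-10T10:00:30Z node-1 imap-login: auth failed, user=<eve>, rip=203.0.113.7",
    "2024-01-10T10:01:00Z node-1 imap-login: auth failed, user=<alice>, rip=198.51.100.9",
    "2024-01-10T11:30:00Z node-2 imap-login: auth failed, user=<alice>, rip=198.51.100.9",
    "2024-01-10T10:02:00Z node-1 imap-login: Login: user=<alice>, rip=192.0.2.4",
]

FAIL_RE = re.compile(r"^(?P<ts>\S+) (?P<node>\S+) .*auth failed.*rip=(?P<ip>[0-9.]+)")


def parse_failures(lines):
    """Yield (timestamp, source_ip) for every authentication-failure line."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group("ip")


def find_bans(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """fail2ban-style rule: ban an IP that fails at least maxretry times within findtime.

    Lines from all nodes are pooled, so failures spread across nodes still count.
    """
    events = defaultdict(list)
    for ts, ip in parse_failures(lines):
        events[ip].append(ts)
    banned = set()
    for ip, stamps in events.items():
        stamps.sort()
        # Sliding window: for each failure, count failures in the preceding findtime.
        for i, current in enumerate(stamps):
            window = [t for t in stamps[: i + 1] if current - t <= findtime]
            if len(window) >= maxretry:
                banned.add(ip)
                break
    return sorted(banned)


def network_policy(banned_ips, namespace="mail", pod_label="mail-server"):
    """Render a NetworkPolicy that admits all ingress except the banned /32s.

    Namespace and label are assumptions; the manifest shape is the real
    networking.k8s.io/v1 NetworkPolicy schema.
    """
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "fail2ban-deny", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {"app": pod_label}},
            "policyTypes": ["Ingress"],
            "ingress": [
                {
                    "from": [
                        {
                            "ipBlock": {
                                "cidr": "0.0.0.0/0",
                                "except": [f"{ip}/32" for ip in banned_ips],
                            }
                        }
                    ]
                }
            ],
        },
    }


if __name__ == "__main__":
    # JSON is valid YAML, so the output can be piped straight into `kubectl apply -f -`.
    print(json.dumps(network_policy(find_bans(SAMPLE_LOGS)), indent=2))
```

Two caveats a practitioner would check before relying on this: a NetworkPolicy is only enforced if the cluster's CNI plugin implements it, and the pod must actually see the client's source address, which it will not if the service SNATs traffic on its way in (for a `LoadBalancer` or `NodePort` service, `externalTrafficPolicy: Local` preserves the client IP). With an SNATed source, every failure appears to come from a node address and the policy above would do nothing useful.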

