Linux

Fail2Ban 登錄過濾器在 Debian Web 伺服器上不起作用

  • April 10, 2016

因此,我無法將 Fail2Ban 用作 Web 應用程序登錄的自定義過濾器。首先,其他過濾器確實有效,例如 NGINX Auth。但是,我的電子郵件已經停止工作,不知道為什麼。

這些是 /var/log/auth.log 中失敗的登錄嘗試

Apr  1 11:28:15 user pancake[17973]: Attempt to login as random failed. 127.0.0.1 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17)

Apr  1 11:28:39 user pancake[17974]: Attempt to login as admin failed. 127.0.0.1 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17)

我的監獄(/etc/fail2ban/jail.local):

[pancake]

enabled  = true

port     = http,https

filter   = pancake

logpath  = /var/log/auth.log

maxretry = 4

我的過濾器(/etc/fail2ban/filter.d/pancak.conf)

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from

# common.local

before = common.conf

[Definition]

_daemon = pancake

failregex = Attempt to login as .* failed. <HOST>$

ignoreregex =

現在,當我通過執行進行測試時:

sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/pancake.conf

我得到:

Running tests

=============

Use   failregex file : /etc/fail2ban/filter.d/pancake.conf

Use         log file : /var/log/auth.log

Results

=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

|- [# of hits] date format

|  [2708] MONTH Day Hour:Minute:Second

`-

Lines: 2708 lines, 0 ignored, 0 matched, 2708 missed

我也嘗試過使用:

failregex = ^%(__prefix_line)sAttempt to login as .* failed. <HOST>$

任何幫助都會很棒。

謝謝特倫特

從正則表達式中刪除,$因為在日誌中沒有行尾。

引用自:https://serverfault.com/questions/769288