fail2ban finds matches but does not ban

oja*_*ius 6 centos regex fail2ban

I am running fail2ban 0.9.7 with an Apache reverse proxy on CentOS 7 and am trying to ban bots that attempt to use my server as an open proxy, for example:

221.8.179.164 - - [10/Jun/2019:22:04:19 +0200] "CONNECT auth.riotgames.com:443 HTTP/1.1" 405 235 "-" "Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0"

Some of these requests return 200 for some reason, even though ProxyRequests is off.

Here is my configuration:

apache-badhosts.conf

[Definition]
failregex = ^<HOST> - -.*"(GET|POST|HEAD|CONNECT).*(bad_host_1|bad_host_2|bad_host_3).*"$

ignoreregex =

Jail configuration file

[apache-badhosts]
port     = http,https
# I made sure this is the proper path
logpath  = /var/log/httpd/access_log
bantime  = 172800
maxretry = 1
enabled  = true

Here is the output of fail2ban-regex:

user@host /e/fail2ban> sudo fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-badhosts.conf

Running tests
=============

Use   failregex filter file : apache-badhosts, basedir: /etc/fail2ban
Use         log file : /var/log/httpd/access_log
Use         encoding : UTF-8


Results
=======

Failregex: 10797 total
|-  #) [# of hits] regular expression
|   1) [10797] ^<HOST> - -.*"(GET|POST|HEAD|CONNECT).*(bad_host_1|bad_host_2|bad_host_3).*"$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [13813] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 13813 lines, 0 ignored, 10797 matched, 3016 missed
[processed in 2.44 sec]

fail2ban.log

The log is almost empty and only shows sshd bans.

Why does fail2ban not ban the IPs, even though it finds matches with the regex above?
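As an added example (not part of the question and not fail2ban's own code), the following Python script runs the question's failregex over constructed access_log lines the way a fail2ban-regex style check would, and applies the jail's maxretry to decide which hosts would be banned. The `<HOST>` expansion (a simple non-space run), the sample log lines, the addresses and the function names are assumptions; it also shows that the filter's greedy `.*` counts a line whose bad host appears only in the Referer field.

```python
import re
from collections import Counter

# fail2ban replaces the <HOST> tag with its own address/hostname group;
# this simplified stand-in (assumption) captures any non-space run.
HOST_RE = r"(?P<host>\S+)"

# failregex from the question, placeholder hostnames kept as on the page.
FAILREGEX = r'^<HOST> - -.*"(GET|POST|HEAD|CONNECT).*(bad_host_1|bad_host_2|bad_host_3).*"$'

def compile_failregex(failregex: str) -> re.Pattern:
    """Turn a fail2ban failregex into a Python regex by expanding <HOST>."""
    return re.compile(failregex.replace("<HOST>", HOST_RE))

def matched_hosts(lines, failregex=FAILREGEX):
    """Count one hit per matching log line, keyed by the captured host."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits

def hosts_to_ban(hits, maxretry=1):
    """Hosts whose hit count reaches maxretry (the question's jail uses 1)."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

# Constructed sample lines in Apache combined log format (not from the page).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Jun/2019:22:04:19 +0200] "CONNECT bad_host_1:443 HTTP/1.1" 405 235 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Jun/2019:22:04:20 +0200] "GET http://bad_host_2/ HTTP/1.1" 200 512 "-" "curl/7.29.0"',
    '198.51.100.7 - - [10/Jun/2019:22:05:01 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2019:22:05:02 +0200] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    # Bad host only in the Referer: the greedy .* still matches, so this
    # legitimate visitor is counted too (a false positive of the filter).
    '192.0.2.33 - - [10/Jun/2019:22:06:00 +0200] "GET / HTTP/1.1" 200 12 "http://bad_host_3/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = matched_hosts(SAMPLE_LOG)
    print(hits)                # Counter({'203.0.113.10': 2, '192.0.2.33': 1})
    print(hosts_to_ban(hits))  # ['192.0.2.33', '203.0.113.10']
```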

Erg*_*gec 5

Most likely you do not have pyinotify installed on your system, which causes fail2ban not to pick up modifications of the log file. I ran into the same problem and fixed it this way.

1.

Install pyinotify

yum install python-inotify

2.

After installing it, edit your jail.local and put

[myjail]
...
backend = pyinotify
...

3.

systemctl restart fail2ban