
Security: fail2ban day-to-day operations and configuration

Date: 2024-09-21 11:03:34

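1. Monitoring multiple log files in one jail:

Example (each additional path goes on its own indented continuation line under logpath):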

[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/www/vhosts/site1.com/log/errorlog
           /var/log/apache*/*error.log
           /var/www/vhosts/site1.com/subdom/log/errorlog
           /var/www/vhosts/site3/log/errorlog
           /var/www/vhosts/site4/log/errorlog  
maxretry = 1

It can also be written as separate jails, as follows:

[apache-w00tw00t-1]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/log/apache*/*error.log 
maxretry = 1

[apache-w00tw00t-2]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/www/vhosts/site1.com/log/errorlog 
maxretry = 1

2. Testing that a filter rule works

Syntax:

fail2ban-regex <log file> <filter file>

Example:

[root@blog filter.d]# fail2ban-regex /logs/weblogs/www_ssl.access_log /etc/fail2ban/filter.d/nginx404.conf

Running tests
=============

Use   failregex filter file : nginx404, basedir: /etc/fail2ban
Use         log file : /logs/weblogs/www_ssl.access_log
Use         encoding : UTF-8


Results
=======

Failregex: 91 total
|-  #) [# of hits] regular expression
|   1) [91] ^<HOST> .* "(GET|POST|HEAD).*HTTP.*" (404|400|503) .*$
`-

Ignoreregex: 13 total
|-  #) [# of hits] regular expression
|   1) [13] .*(robots.txt|favicon.ico|jpg|png)
`-

Date template hits:
|- [# of hits] date format
|  [149] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-

Lines: 149 lines, 13 ignored, 91 matched, 45 missed
[processed in 0.40 sec]

|- Ignored line(s):
|  59.82.21.13 - - [21/Sep/2024:00:40:08 +0800] "GET /favicon.ico HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.3130.74 Safari/537.36" "-" 0.000
|  59.82.21.181 - - [21/Sep/2024:02:44:05 +0800] "GET /favicon.ico HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.6295.169 Safari/537.36" "-" 0.000
|  51.222.253.12 - - [21/Sep/2024:02:58:02 +0800] "GET /robots.txt HTTP/1.1" 404 146 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)" "-" 0.000
|  113.215.189.19 - - [21/Sep/2024:03:22:10 +0800] "GET /favicon.ico HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.6998.177 Safari/537.36" "-" 0.000
|  113.215.188.152 - - [21/Sep/2024:03:27:03 +0800] "GET /favicon.ico HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.5267.19 Safari/537.36" "-" 0.000 
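
The run above shows only totals, so here is an added example (not part of the original post) that replays the same failregex and ignoreregex over constructed log lines to show which bucket each line falls into, and how the unanchored ignoreregex also swallows a 404 whose Referer merely contains "png". The `HOST` pattern, the `STRICT_IGNORE` rule, the `classify` helper and the sample lines are assumptions made for illustration; the timestamp is left in the line rather than cut out as fail2ban does.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; the real tag also
# covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Rules exactly as shown in the fail2ban-regex output above.
FAILREGEX = r'^<HOST> .* "(GET|POST|HEAD).*HTTP.*" (404|400|503) .*$'
IGNOREREGEX = r'.*(robots.txt|favicon.ico|jpg|png)'
# Hypothetical tighter ignore rule (not from the page): only the request path,
# before any query string, may end in one of the exempt names.
STRICT_IGNORE = (r'"(?:GET|HEAD) [^?\s"]*'
                 r'(?:/robots\.txt|/favicon\.ico|\.jpg|\.png)(?:\?\S*)? HTTP/')

# Constructed sample lines in the access-log format of the page's output.
SAMPLE = [
    '198.51.100.10 - - [21/Sep/2024:00:40:08 +0800] "GET /favicon.ico HTTP/1.1" 404 548 "-" "Mozilla/5.0" "-" 0.000',
    '198.51.100.11 - - [21/Sep/2024:00:41:00 +0800] "GET /old-page HTTP/1.1" 404 146 "-" "Mozilla/5.0" "-" 0.000',
    '198.51.100.12 - - [21/Sep/2024:00:42:00 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-" 0.000',
    '198.51.100.13 - - [21/Sep/2024:00:43:00 +0800] "GET /old-page HTTP/1.1" 404 146 "https://example.com/img/logo.png" "Mozilla/5.0" "-" 0.000',
]

def classify(lines, failregex, ignoreregex):
    """Sort each line's client IP into 'ignored', 'matched' or 'missed'.

    Same order as fail2ban: ignoreregex is tried first, then failregex.
    Both are applied with search(), so an unanchored rule matches anywhere.
    """
    fail = re.compile(failregex.replace("<HOST>", HOST))
    ignore = re.compile(ignoreregex)
    result = {"ignored": [], "matched": [], "missed": []}
    for line in lines:
        if ignore.search(line):
            result["ignored"].append(line.split()[0])
        elif (m := fail.search(line)):
            result["matched"].append(m.group("host"))
        else:
            result["missed"].append(line.split()[0])
    return result

if __name__ == "__main__":
    for name, rule in (("page rule", IGNOREREGEX), ("strict rule", STRICT_IGNORE)):
        r = classify(SAMPLE, FAILREGEX, rule)
        print(name, {k: len(v) for k, v in r.items()}, "failures:", r["matched"])
```

With the page's rule the fourth line is counted as ignored; with the tighter rule it is counted as a failure, while the favicon request stays ignored.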

3. Viewing banned IP addresses

[root@blog fail2ban]# fail2ban-client status nginx404-admin
Status for the jail: nginx404-admin
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     5
|  `- File list:        /logs/weblogs/admin.access_log
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   13.57.24.28 

4. Unbanning an IP address that was banned by mistake

[root@blog fail2ban]# fail2ban-client set nginx404-admin unbanip 13.57.24.28
1

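A return value of 1 means the unban succeeded.

Note: this operation is also synchronized to the firewalld firewall.

5. Testing whether the configuration is valid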

[root@blog fail2ban]# fail2ban-client -t
OK: configuration test is successful

 

From: https://www.cnblogs.com/architectforest/p/18423679
