Задать вопрос

Как настроить fail2ban?

fail2ban 0.8.4 Помогите разобраться в чем косяк. Настраиваю на бан по nginx connection/requests limits

/var/log/nginx/error.log:
2014/02/06 10:57:41 [error] 30758#0: *41499 limiting connections by zone "bad_ip", client: 178.68.6.216, server: domain.ru, request: "GET /
[skipped]
...
and more than 10 time

2014/02/06 10:56:52 [error] 30758#0: *41327 limiting requests, excess: 20.232 by zone "bad_req", client: 178.68.6.216, server: domain.ru, request: "GET /
[skipped]
...
and more than 20 time

REGEX for limiting connection and requests:

failregex = limiting connections by zone.*client: <HOST>

и
failregex = limiting requests.*client: <HOST>

jail.local:
[nginx-conn-limit]

enabled = true
filter = nginx-conn-limit
action = iptables-multiport[name=ConnLimit, port="http,https", protocol=tcp]
logpath = /var/log/nginx/error.log
findtime = 600
bantime = 7200
maxretry = 10

[nginx-req-limit]

enabled = true
filter = nginx-req-limit
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
logpath = /var/log/nginx/error.log
findtime = 600
bantime = 7200
maxretry = 20


/var/log/fail2ban.log:
...
2014-02-06 10:46:05,332 fail2ban.jail : INFO Creating new jail 'nginx-req-limit'
2014-02-06 10:46:05,333 fail2ban.jail : INFO Jail 'nginx-req-limit' uses poller
2014-02-06 10:46:05,345 fail2ban.filter : INFO Added logfile = /var/log/nginx/error.log
2014-02-06 10:46:05,363 fail2ban.filter : INFO Set maxRetry = 20
2014-02-06 10:46:05,386 fail2ban.filter : INFO Set findtime = 600
2014-02-06 10:46:05,387 fail2ban.actions: INFO Set banTime = 7200
...
2014-02-06 10:46:05,893 fail2ban.jail : INFO Creating new jail 'nginx-conn-limit'
2014-02-06 10:46:05,893 fail2ban.jail : INFO Jail 'nginx-conn-limit' uses poller
2014-02-06 10:46:05,897 fail2ban.filter : INFO Added logfile = /var/log/nginx/error.log
2014-02-06 10:46:05,920 fail2ban.filter : INFO Set maxRetry = 10
2014-02-06 10:46:05,956 fail2ban.filter : INFO Set findtime = 600
2014-02-06 10:46:05,957 fail2ban.actions: INFO Set banTime = 7200
...
2014-02-06 10:46:06,304 fail2ban.jail : INFO Jail 'nginx-req-limit' started
2014-02-06 10:46:06,380 fail2ban.jail : INFO Jail 'nginx-conn-limit' started
...


Собственно и все. Набираю указанные лимиты и ничего. fail2ban не реагирует, лог молчит.
  • Вопрос задан
  • 3947 просмотров
Подписаться 4 Оценить Комментировать
Решения вопроса 1
Fader
@Fader Автор вопроса
Обновился до последней версии - все заработало. Видимо баг или недостаточная совместимость с python 2.6 или еще чего...
Ответ написан
Комментировать
Пригласить эксперта
Ответы на вопрос 2
Проверьте фильтры с помощью fail2ban-regex
Ответ написан
Комментировать
Fader
@Fader Автор вопроса
fail2ban-regex '/var/log/nginx/error.log' 'limiting requests.*client: <HOST>'

Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
24795 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 9388


fail2ban-regex '/var/log/nginx/error.log' 'limiting connections by zone.*client: <HOST>'

Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
19582 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 4175
Ответ написан
Комментировать
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы