User Tools

Site Tools


notes:fail2ban

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
notes:fail2ban [2014/08/28 08:59] – created adminnotes:fail2ban [2014/09/08 14:12] (current) – [fail2ban for Nginx] admin
Line 1: Line 1:
-====== fail2ban for postfix/ssh ======+====== basic fail2ban setup ======
  
 To install fail2ban type To install fail2ban type
Line 7: Line 7:
   fail2ban-client -h   fail2ban-client -h
 to see if everything is all right.  You should always use fail2ban-client and never call fail2ban-server directly. to see if everything is all right.  You should always use fail2ban-client and never call fail2ban-server directly.
 +
 +===== fail2ban for postfix/ssh =====
  
 Now edit jail.conf, which contains the declaration of your jails. Set Now edit jail.conf, which contains the declaration of your jails. Set
Line 15: Line 17:
   fail2ban-client reload   fail2ban-client reload
  
-===== Nginx =====+===== fail2ban for Nginx =====
 Scanning in search of broken script is quite frequent. My nginx ''error.log'' file is full of (IP obfuscated): Scanning in search of broken script is quite frequent. My nginx ''error.log'' file is full of (IP obfuscated):
-  2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/admin/images/rn_logo.gif" failed (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /admin/images/rn_logo.gif HTTP/1.1", host: "XYZ" +  2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/admin/images/rn_logo.gif" failed (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /admin/images/rn_logo.gif HTTP/1.1", host: "XYZ" 
-  2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/vncviewer.jar" failed (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /vncviewer.jar HTTP/1.1", host: "XYZ" +  2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/vncviewer.jar" failed (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /vncviewer.jar HTTP/1.1", host: "XYZ" 
-  2014/05/28 21:59:01 [error] 17393#0: *111 "/var/www/mailing/www/Q_Evasive/index.php" is not found (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /Q_Evasive/ HTTP/1.1", host: "XYZ" +  2014/05/28 21:59:01 [error] 17393#0: *111 "/var/www/mailing/www/Q_Evasive/index.php" is not found (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /Q_Evasive/ HTTP/1.1", host: "XYZ" 
-  2014/05/28 21:59:01 [error] 17393#0: *109 open() "/var/www/mailing/www/formmail.html" failed (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /formmail.html HTTP/1.0", host: "XYZ"+  2014/05/28 21:59:01 [error] 17393#0: *109 open() "/var/www/mailing/www/formmail.html" failed (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /formmail.html HTTP/1.0", host: "XYZ"
  
 Create new filter /etc/fail2ban/filter.d/nginx-scan.conf Create new filter /etc/fail2ban/filter.d/nginx-scan.conf
Line 58: Line 60:
   bantime  = 172800   bantime  = 172800
   maxretry = 240   maxretry = 240
- 
-More advanced filters available at [1]. 
  
 Remember to reload rules with Remember to reload rules with
  
   fail2ban-client reload   fail2ban-client reload
 +
 +More advanced filters for Nginx available at [1].
  
 [1] [[http://serverfault.com/questions/420895/how-to-use-fail2ban-for-nginx]] [1] [[http://serverfault.com/questions/420895/how-to-use-fail2ban-for-nginx]]
notes/fail2ban.1409216368.txt.gz · Last modified: 2014/08/28 08:59 by admin