How do I set up fail2ban to read multiple logs in a jail?

How do I configure multiple log paths for the same rule?

I'm trying to write syntax like the following:

[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/log/apache*/*error.log 
logpath  = /var/www/vhosts/site1.com/log/errorlog 
logpath  = /var/www/vhosts/site1.com/subdom/log/errorlog
logpath  = /var/www/vhosts/site3/log/errorlog
logpath  = /var/www/vhosts/site4/log/errorlog
maxretry = 1

The paths are all different, so I can't use RE *

What is the correct syntax to put more logs into a rule?

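Answer 1

I tried using the same syntax and did not get any error when starting fail2ban. Try this in your jail.conf; if it still does not work, you can easily split your rule into several, each with a single logpath, for example: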

[apache-w00tw00t-1]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/log/apache*/*error.log 
maxretry = 1

[apache-w00tw00t-2]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/www/vhosts/site1.com/log/errorlog 
maxretry = 1

etc.

This should eventually work:

[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
action   = iptables-allports
logpath  = /var/www/vhosts/site1.com/log/errorlog
           /var/log/apache*/*error.log
           /var/www/vhosts/site1.com/subdom/log/errorlog
           /var/www/vhosts/site3/log/errorlog
           /var/www/vhosts/site4/log/errorlog  
maxretry = 1

You can consult http://centoshelp.org/security/fail2ban/ for details.
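The two forms above can be compared by checking which paths an INI reader actually keeps. This is an added example, not part of the original post or of fail2ban's code. It assumes Python's standard configparser as a stand-in for fail2ban's own config reader; the function names and the shortened sample jails are constructed for illustration.

```python
import configparser

JAIL = "apache-w00tw00t"

# Constructed sample: the question's form, `logpath` repeated as separate keys.
REPEATED_KEYS = """\
[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
logpath  = /var/log/apache*/*error.log
logpath  = /var/www/vhosts/site1.com/log/errorlog
logpath  = /var/www/vhosts/site4/log/errorlog
maxretry = 1
"""

# Constructed sample: the answer's form, one key with indented continuation lines.
CONTINUATION = """\
[apache-w00tw00t]
enabled  = true
filter   = apache-w00tw00t
logpath  = /var/www/vhosts/site1.com/log/errorlog
           /var/log/apache*/*error.log
           /var/www/vhosts/site4/log/errorlog
maxretry = 1
"""

def jail_logpaths(text, jail=JAIL, strict=False):
    """Return the logpath entries a configparser-based reader ends up with."""
    parser = configparser.RawConfigParser(strict=strict)
    parser.read_string(text)
    raw = parser.get(jail, "logpath")
    # A multi-line value arrives as one string; each non-empty line is a path/glob.
    return [line.strip() for line in raw.splitlines() if line.strip()]

def duplicate_keys_rejected(text):
    """True if a strict parser refuses the file because a key is repeated."""
    try:
        jail_logpaths(text, strict=True)
    except configparser.DuplicateOptionError:
        return True
    return False

if __name__ == "__main__":
    print("repeated keys ->", jail_logpaths(REPEATED_KEYS))
    print("continuation  ->", jail_logpaths(CONTINUATION))
```

With a lenient parser the repeated-key form loads without error but keeps only the last path, so the other logs go unmonitored; `fail2ban-client status apache-w00tw00t` lists the files a running jail is actually watching.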
