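Although it is detected in the log, nothing happens. It does not block the IP. It works fine for VSFTP, but not for apache. Please help. You can see the configuration and logs below.
jail.local configuration file: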
[apache]
enabled = true
port = 80,443
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 2
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
Apache-Auth configuration file:
[INCLUDES]
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$
ignoreregex =
Apache error log:
[Fri Jul 25 11:31:20.758218 2014] [auth_basic:error] [pid 4959] [client 8.8.8.8:12767] AH01617: user GOLD: authentication failure for "/Folder": Password Mismatch
[Fri Jul 25 11:31:22.941978 2014] [auth_basic:error] [pid 4959] [client 8.8.8.8:12767] AH01618: user asd not found: /Folder
fail2ban-regex result:
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/apache-auth.conf
Use log file : /var/log/apache2/error.log
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Matched time template MONTH Day Hour:Minute:Second
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Summary
=======
Sorry, no match
Fail2Ban log:
2014-07-25 15:16:49,010 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second
2014-07-25 15:16:49,010 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-07-25 15:16:49,011 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 994 hits
2014-07-25 15:16:52,214 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >
2014-07-25 15:16:52,214 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second
2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 995 hits
2014-07-25 15:16:52,215 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >
2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second
2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 995 hits
2014-07-25 15:16:52,215 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >
2014-07-25 15:16:52,216 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second
2014-07-25 15:16:52,216 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-07-25 15:16:52,216 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 995 hits
2014-07-25 15:16:54,790 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >
2014-07-25 15:16:54,791 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second
2014-07-25 15:16:54,791 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-07-25 15:16:54,791 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 996 hits
2014-07-25 15:16:54,791 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >
2014-07-25 15:16:54,792 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second
2014-07-25 15:16:54,792 fail2ban.filter.datedetector: DEBUG Sorting the template list
2014-07-25 15:16:54,792 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 996 hits
2014-07-25 15:16:54,792 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >
Answer 1
Try using the official apache-auth.conf file:
https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/apache-auth.conf
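Answer 2
As mentioned above, try a newer/latest apache-auth.conf filter.
But you must also use a newer apache-common.conf.
(https://github.com/fail2ban/fail2ban/tree/0.10/config/filter.d)
This is critical because it sets the log "prefix" regex ("_apache_error_client").
Once you have the prefix and the main authentication filter set up correctly, the Fail2Ban pkg under Ubuntu 14.04 or newer will find matches in your error log.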
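The point made in the answers, as an added example (not part of the original posts and not fail2ban's own code): the two error-log lines from the question are tested against an old-style and a newer-style prefix combined with the question's failregex tail and a more tolerant tail. `HOST`, `PREFIX_OLD`, `PREFIX_NEW` and `TAIL_NEW` are simplified assumptions for illustration, not the text of any fail2ban release; only `TAIL_OLD` is taken from the filter shown in the question.

```python
import re

# Built from the two Apache error-log lines shown in the question.
LOG_LINES = [
    '[Fri Jul 25 11:31:20.758218 2014] [auth_basic:error] [pid 4959] '
    '[client 8.8.8.8:12767] AH01617: user GOLD: authentication failure '
    'for "/Folder": Password Mismatch',
    '[Fri Jul 25 11:31:22.941978 2014] [auth_basic:error] [pid 4959] '
    '[client 8.8.8.8:12767] AH01618: user asd not found: /Folder',
]

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Assumption: old-style prefix expecting "[error] [client IP]" with no port.
PREFIX_OLD = r'\[[^\]]+\] \[error\] \[client ' + HOST + r'\]'
# Assumption: newer-style prefix allowing "[module:level]", "[pid N]", ":port".
PREFIX_NEW = (r'\[[^\]]+\] \[(?:error|\S+:\S+)\](?: \[pid \d+(?::\S+ \d+)?\])?'
              r' \[client ' + HOST + r'(?::\d{1,5})?\]')

# Tail of the failregex from the question's apache-auth.conf.
TAIL_OLD = r' user .* (authentication failure|not found|password mismatch)\s*$'
# Assumption: tail that tolerates the AHnnnnn code and the trailing path/reason.
TAIL_NEW = r' (?:AH\d+: )?user \S+(?:: authentication failure| not found)\b.*$'


def matched_hosts(prefix, tail, lines=LOG_LINES):
    """Return the host captured from each line the anchored regex matches."""
    rx = re.compile('^' + prefix + tail)
    return [m.group('host') for m in map(rx.search, lines) if m]


def report():
    """Map each prefix/tail combination to the hosts it would count."""
    return {
        'old prefix + old tail': matched_hosts(PREFIX_OLD, TAIL_OLD),
        'new prefix + old tail': matched_hosts(PREFIX_NEW, TAIL_OLD),
        'new prefix + new tail': matched_hosts(PREFIX_NEW, TAIL_NEW),
    }


if __name__ == '__main__':
    for combo, hosts in report().items():
        print(f'{combo}: {len(hosts)} match(es) {hosts}')
```

Updating only the prefix still yields no matches here, because the old tail does not allow the `AH01617:` code before `user` and requires the line to end with one of its three lowercase phrases.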