I am trying to add two fail2ban filters, one for POST flood attacks and one for phpmyadmin brute forcing, but I am getting the following errors.
Log:
fail2ban.filter : ERROR No 'host' group in '[[]client []] File does not exist: /var/www/(?:PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2)'
fail2ban.filter : ERROR No 'host' group in '^ -.*”POST.*'
jail.conf:
[apache-phpmyadmin]
enabled = true
port = http,https
filter = apache-phpmyadmin
logpath = /var/log/apache*/*error.log
maxretry = 3
[apache-postflood]
enabled = true
port = http,https
filter = apache-postflood
logpath = /var/log/apache*/*flood.log
findtime = 10
maxretry = 10
apache-phpmyadmin.conf filter:
[Definition]
docroot = /var/www
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2
failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s)
ignoreregex =
apache-postflood.conf filter:
[Definition]
failregex = ^ -.*”POST.*
ignoreregex =
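Answer 1
Your failregex is missing the special string <HOST>, which you must insert at the position where the IP address appears in the log entry. This is required so that fail2ban knows which IP address it should act on.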
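
The check behind the "No 'host' group" error, as an added example that is not part of the original answer or fail2ban's own code: it interpolates the filter's %(docroot)s and %(badadmin)s options, expands <HOST> into a named group, and rejects any failregex that ends up without one. Assumptions: HOST_GROUP is a simplified IPv4-only stand-in for fail2ban's substitution, build and host_of are hypothetical names, the log lines are constructed, and the placement of <HOST> (after "client " in the error log, at the start of a common-format access line with a straight double quote before POST) is assumed from standard Apache log layouts.

```python
import configparser
import re
import warnings

# Assumption: simplified IPv4-only stand-in for what fail2ban substitutes for
# <HOST>; the part that matters is the named group "host".
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The [Definition] options from the question (badadmin list shortened).
FILTER = """[Definition]
docroot = /var/www
badadmin = PMA|phpmyadmin|myadmin
failregex = {failregex}
"""

def build(failregex):
    """Interpolate %(name)s, expand <HOST>, and insist on a 'host' group."""
    cfg = configparser.ConfigParser()
    cfg.read_string(FILTER.format(failregex=failregex))
    pattern = cfg.get("Definition", "failregex").replace("<HOST>", HOST_GROUP)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", FutureWarning)  # "[[]" looks like a nested set
        regex = re.compile(pattern)
    if "host" not in regex.groupindex:
        raise ValueError("No 'host' group in %r" % pattern)
    return regex

def host_of(regex, line):
    """Return the address the filter would act on, or None if no match."""
    m = regex.search(line)
    return m.group("host") if m else None

# As posted in the question (no <HOST>) and with <HOST> where the IP appears.
PMA_BROKEN = "[[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s)"
PMA_FIXED = "[[]client <HOST>[]] File does not exist: %(docroot)s/(?:%(badadmin)s)"
POST_FIXED = '^<HOST> -.*"POST.*'

# Constructed log lines (documentation address range), not from the page.
ERROR_LINE = "[error] [client 203.0.113.7] File does not exist: /var/www/phpmyadmin"
ACCESS_LINE = '203.0.113.9 - - [01/Jan/2024:00:00:00 +0000] "POST /login HTTP/1.1" 200 12'

if __name__ == "__main__":
    try:
        build(PMA_BROKEN)
    except ValueError as exc:
        print("rejected:", exc)
    print(host_of(build(PMA_FIXED), ERROR_LINE))
    print(host_of(build(POST_FIXED), ACCESS_LINE))
```

On a real host, running fail2ban-regex against the log file and the filter file performs the actual check with fail2ban's own <HOST> expansion.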