因此,我无法将 Fail2Ban 作为 Web 应用登录的自定义过滤器使用。首先,其他过滤器(例如 NGINX Auth)可以工作。但是,我的电子邮件已停止工作,尚不清楚原因。
这些是 /var/log/auth.log 中的失败登录尝试
Apr 1 11:28:15 user pancake[17973]: Attempt to login as random failed. 127.0.0.1 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17)
Apr 1 11:28:39 user pancake[17974]: Attempt to login as admin failed. 127.0.0.1 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17)
我的监狱(/etc/fail2ban/jail.local):
[pancake]
enabled = true
port = http,https
filter = pancake
logpath = /var/log/auth.log
maxretry = 4
我的过滤器(/etc/fail2ban/filter.d/pancak.conf)
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = pancake
failregex = Attempt to login as .* failed. <HOST>$
ignoreregex =
现在当我通过运行进行测试时:
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/pancake.conf
我得到:
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/pancake.conf
Use log file : /var/log/auth.log
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [2708] MONTH Day Hour:Minute:Second
`-
Lines: 2708 lines, 0 ignored, 0 matched, 2708 missed
我也尝试过使用:
failregex = ^%(__prefix_line)sAttempt to login as .* failed. <HOST>$
任何帮助都将非常有帮助。
谢谢特伦特
答案1
从正则表达式中删除$,因为日志中该点没有行尾。