fail2ban jail not working

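I am struggling to get one jail working in fail2ban. Fail2ban itself seems to work fine, and the other jails work too. I have tried using fail2ban-regexp, and it seems to match multiple times, but nothing happens in terms of banning.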

The filter looks like this:

/etc/fail2ban/filter.d$ more apache-xmlrpc.conf
[Definition]
failregex = ^<HOST> -.*"(GET|POST).*\/xmlrpc\.php.* HTTP\/.*
ignoreregex = 

The jail local looks like this:

/etc/fail2ban/$ more jail-local.conf

[apache-xmlrpc]
enabled = true
port = http,https
filter = apache-xmlrpc
logpath = /var/log/apache*/*access.log
maxretry = 10
findtime = 600
bantime = 86400

The config dump looks like this:

['add', 'apache-xmlrpc', 'auto']
['set', 'apache-xmlrpc', 'addlogpath', '/var/log/apache2/ssl_access.log']
['set', 'apache-xmlrpc', 'addlogpath', '/var/log/apache2/access.log']
['set', 'apache-xmlrpc', 'addlogpath', '/var/log/apache2/other_vhosts_access.log']
['set', 'apache-xmlrpc', 'maxretry', 10]
['set', 'apache-xmlrpc', 'addignoreip', '127.0.0.1/8']
['set', 'apache-xmlrpc', 'findtime', 600]
['set', 'apache-xmlrpc', 'bantime', 86400]
['set', 'apache-xmlrpc', 'addfailregex', '^<HOST> -.*"(GET|POST).*\\/xmlrpc\\.php.* HTTP\\/.*']
['set', 'apache-xmlrpc', 'addaction', 'iptables-multiport']
['set', 'apache-xmlrpc', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
['set', 'apache-xmlrpc', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
['set', 'apache-xmlrpc', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
['set', 'apache-xmlrpc', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
['set', 'apache-xmlrpc', 'actioncheck', 'iptables-multiport', 'iptables -n -L <chain> | grep -q fail2ban-<name>']
['set', 'apache-xmlrpc', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
['set', 'apache-xmlrpc', 'setcinfo', 'iptables-multiport', 'name', 'apache-xmlrpc']
['set', 'apache-xmlrpc', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
['set', 'apache-xmlrpc', 'setcinfo', 'iptables-multiport', 'port', 'http,https']

I have restarted (I have rebooted!). But it still doesn't work.

Any ideas would be much appreciated.
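
An offline check of the filter and thresholds quoted in the question, added here as an example (it is not part of the original post and not fail2ban's own code). It assumes a simplified `<HOST>` expansion (`\S+`), a simplified sliding-window model of `maxretry`/`findtime`, and constructed sample log lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Filter and jail values copied from the post.
FAILREGEX = r'^<HOST> -.*"(GET|POST).*\/xmlrpc\.php.* HTTP\/.*'
MAXRETRY, FINDTIME = 10, 600

# Assumption: fail2ban expands <HOST> to a richer pattern; \S+ is enough here.
HOST_RE = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))
TIME_RE = re.compile(r"\[([^\]]+)\]")

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts with >= maxretry matching lines inside a findtime window."""
    recent = defaultdict(deque)  # host -> timestamps of recent matches
    banned = []
    for line in lines:
        m, t = HOST_RE.search(line), TIME_RE.search(line)
        if not (m and t):
            continue  # a line that does not match never counts as a failure
        ts = datetime.strptime(t.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[m.group("host")]
        q.append(ts)
        while ts - q[0] > findtime:  # drop matches older than the window
            q.popleft()
        if len(q) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned

def make_line(prefix, minute, second):
    # Constructed sample in Apache "combined" layout, not taken from a real log.
    return (f'{prefix} - - [10/Oct/2023:13:{minute:02d}:{second:02d} +0000] '
            '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "sample-agent"')

# Constructed input: 10 hits in 10 s, 10 hits spread over 27 min, and
# 10 hits in a layout that puts vhost:port before the client address.
SAMPLE = ([make_line("203.0.113.5", 0, s) for s in range(10)]
          + [make_line("198.51.100.7", 3 * i, 0) for i in range(10)]
          + [make_line("www.example.com:80 192.0.2.9", 1, s) for s in range(10)])

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

Matching lines alone are not enough in this model: the slow client never has 10 hits inside 600 seconds, and lines that begin with `vhost:port` never match the `^<HOST> -` anchor at all.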