我对使用 fail2ban 完全陌生。现在我收到漏行错误,但我不知道原因。我有以下两个文件:
///etc/fail2ban/filter.d/apache-custom.conf
[Definition]
#badagents = 360Spider|ZmEu|Auto Spider 1.0|zgrab/[0-9]*\.[0-9a-zA-Z]*|Wget\(.*\)|MauiBot.*|AspiegelBot.*|SemrushBot.*|PHP/.*
badagents =
failregex = ^.+?:\d+ <HOST> -.*"(GET|POST|HEAD) /+dns-query.*$
ignoreregex =
///var/log/apache2/access.log
72.139.194.229 - - [17/Nov/2023:01:08:57 +0000] "GET /dns-query HTTP/1.1" 302 4942 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36"
然后我运行了命令fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-custom.conf,它给出了以下消息:
Running tests
=============
Use failregex filter file : apache-custom, basedir: /etc/fail2ban
Use log file : access.log
Use encoding : UTF-8
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.02 sec]
|- Missed line(s):
| 72.139.194.229 - - [17/Nov/2023:01:08:57 +0000] "GET /dns-query HTTP/1.1" 302 4942 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Mobile Safari/537.36"
我在过滤器中做错了什么?我原本希望正则表达式能够捕获 access.log 中的这一行