Hello everyone:
Today I installed and configured Fail2ban on a CentOS host I am responsible for, and the check came back fine (the check command is as follows):
[root@abc] fail2ban-regex /var/log/vsftpd.log /etc/fail2ban/filter.d/vsftpd.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/vsftpd.conf
Use log file : /var/log/vsftpd.log
Results
=======
Failregex
|- Regular expressions:
| [1] vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication ailure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
| [2] \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
|
`- Number of matches:
[1] 0 match(es)
[2] 20 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Addresses found:
[1]
[2]
111.222.333.444 (Tue Apr 02 08:00:03 2013)
111.222.333.444 (Tue Apr 02 08:00:07 2013)
....
111.222.333.444 (Tue Apr 02 08:00:07 2013)
Date template hits:
108 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
...
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
Success, the total number of match is 20
However, look at the above section 'Running tests' which could contain important information.
From the output above, Fail2ban can find the content I want it to detect in the log file I specified, and the log file path in the Fail2ban configuration is not set wrongly either:
[root@abc]# cat /etc/fail2ban/jail.conf
....
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
# sendmail-whois[name=VSFTPD, dest=you@example.com]
sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 4
bantime = 10800
findtime = 1800
....
(character limit exceeded...)
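Added example (my own code, not part of the original post and not code from the Fail2ban project): a small Python replay of what the jail shown above is supposed to do, so the two halves of the setup can be checked separately. It applies failregex [2] from the fail2ban-regex output (`\[.+\] FAIL LOGIN: Client "<HOST>"\s*$`) to constructed vsftpd log lines, then applies the jail's `maxretry = 4`, `findtime = 1800` and `bantime = 10800` to decide when a host would be banned. The `<HOST>` expansion, the vsftpd date layout and the sample lines (including the sanitised 111.222.333.444 address from the post) are my assumptions, not Fail2ban's internal code.

```python
import re
from datetime import datetime, timedelta

# failregex [2] from the fail2ban-regex output above, with the <HOST>
# placeholder expanded. The host sub-pattern is a simplified assumption,
# not Fail2ban's exact internal definition.
HOST = r'(?P<host>[\w\-.^_]*\w)'
FAIL_LOGIN = re.compile(r'\[.+\] FAIL LOGIN: Client "' + HOST + r'"\s*$')

# vsftpd prefixes each line with e.g. "Tue Apr  2 08:00:03 2013" (assumed layout).
DATE_RE = re.compile(r'^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})')

# Constructed sample log; not real traffic.
SAMPLE_LOG = [
    'Tue Apr  2 08:00:03 2013 [pid 2001] [ftp] FAIL LOGIN: Client "111.222.333.444"',
    'Tue Apr  2 08:00:05 2013 [pid 2002] [ftp] FAIL LOGIN: Client "111.222.333.444"',
    'Tue Apr  2 08:00:07 2013 [pid 2003] [admin] FAIL LOGIN: Client "111.222.333.444"',
    'Tue Apr  2 08:00:09 2013 [pid 2004] [admin] FAIL LOGIN: Client "111.222.333.444"',
    'Tue Apr  2 08:00:11 2013 [pid 2005] [root] FAIL LOGIN: Client "111.222.333.444"',
    'Tue Apr  2 08:10:00 2013 [pid 2006] [alice] FAIL LOGIN: Client "203.0.113.9"',
    'Tue Apr  2 08:10:30 2013 [pid 2007] [alice] OK LOGIN: Client "203.0.113.9"',
    'Tue Apr  2 08:50:00 2013 [pid 2008] [alice] FAIL LOGIN: Client "203.0.113.9"',
    'Tue Apr  2 09:15:00 2013 [pid 2009] [alice] FAIL LOGIN: Client "203.0.113.9"',
]


def parse_line(line):
    """Return (timestamp, host) for a line matching the failregex, else None."""
    m = FAIL_LOGIN.search(line)
    if not m:
        return None
    d = DATE_RE.match(line)
    if not d:
        return None
    # vsftpd pads the day with a space; collapse it before strptime.
    stamp = re.sub(r' +', ' ', d.group(1))
    return datetime.strptime(stamp, '%a %b %d %H:%M:%S %Y'), m.group('host')


def evaluate(lines, maxretry=4, findtime=1800, bantime=10800):
    """Replay log lines in order and return {host: [ban start times]}.

    A host is banned when it accumulates maxretry failures inside a
    findtime-second window; failures logged while it is already banned
    are ignored, and the ban expires after bantime seconds.
    """
    window = {}        # host -> failure timestamps still inside findtime
    banned_until = {}  # host -> datetime the current ban expires
    bans = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host = parsed
        if host in banned_until and ts < banned_until[host]:
            continue
        recent = [t for t in window.get(host, []) if ts - t <= timedelta(seconds=findtime)]
        recent.append(ts)
        window[host] = recent
        if len(recent) >= maxretry:
            bans.setdefault(host, []).append(ts)
            banned_until[host] = ts + timedelta(seconds=bantime)
            window[host] = []
    return bans


if __name__ == '__main__':
    for host, times in evaluate(SAMPLE_LOG).items():
        for t in times:
            print(f'{host} would be banned at {t.isoformat()}')
```

With the jail values from the post, 111.222.333.444 is banned on its fourth failure at 08:00:09 and 203.0.113.9 is never banned, because its three failures are spread over more than findtime. Running `evaluate` with other values shows how the thresholds interact; the regex matching and the ban arithmetic are independent, so a regex test that reports matches, as in the post, says nothing yet about whether the counting stage and the iptables action are working.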