服务器 Gind.cn
  1. 服务器 Gind.cn
  3. fail2ban不工作在Apache Ubuntu
Intereting Posts
在Ubuntu Server 8.04中添加/更新crontab之后,是否需要刷新或重新启动? 尝试在HHVM安装后在WordPress中发布/更新时出现502错误 为什么Hyper-V VHD在添加20 Gig后仍然显示100%的磁盘空间? 在Windows 2008 R2上,如果DHCP .mdb数据库总是忙碌,如何备份DHCP? 重载简单的查询 使用WinSCP传输N天以前的文件 terminal服务器上的不同用户angular色 PHP头redirect工作在nginx甚至输出发送 后缀。 总是发送电子邮件到外面 用户login时的默认path 如何在启动时运行基于Java Service Wrapper的应用程序 被僵尸networking打击; iptables跟不上 在Mac上启用不使用GUI的远程login(SSH) 发送rewrote url而不强制一个新的请求 PowerEdge 2950:E2118是否可以生成E1422

fail2ban不工作在Apache Ubuntu

即使它在日志中检测到也没有任何反应。 它不会阻止IP。 它适用于VSFTP,但不适用于Apache。 请帮忙。 你可以看到下面的configuration和日志。

jail.localconfiguration文件: 

[apache] enabled = true port = 80,443 filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 2 # default action is now multiport, so apache-multiport jail was left # for compatibility with previous (<0.7.6-2) releases [apache-multiport] enabled = true port = http,https filter = apache-auth logpath = /var/log/apache*/*error.log maxretry = 6

Apache-Authconfiguration文件 

 [INCLUDES] before = apache-common.conf [Definition] failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$ ignoreregex =

Apache错误日志: 

 [Fri Jul 25 11:31:20.758218 2014] [auth_basic:error] [pid 4959] [client 8.8.8.8:12767] AH01617: user GOLD: authentication failure for "/Folder": Password Mismatch [Fri Jul 25 11:31:22.941978 2014] [auth_basic:error] [pid 4959] [client 8.8.8.8:12767] AH01618: user asd not found: /Folder

fail2ban-regex结果: 

 Running tests ============= Use regex file : /etc/fail2ban/filter.d/apache-auth.conf Use log file : /var/log/apache2/error.log Matched time template MONTH Day Hour:Minute:Second Matched time template MONTH Day Hour:Minute:Second Matched time template MONTH Day Hour:Minute:Second Matched time template MONTH Day Hour:Minute:Second Matched time template MONTH Day Hour:Minute:Second Results ======= Failregex: 0 total Ignoreregex: 0 total Summary ======= Sorry, no match

Fail2Ban日志: 

  2014-07-25 15:16:49,010 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second 2014-07-25 15:16:49,010 fail2ban.filter.datedetector: DEBUG Sorting the template list 2014-07-25 15:16:49,011 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 994 hits 2014-07-25 15:16:52,214 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 > 2014-07-25 15:16:52,214 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second 2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Sorting the template list 2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 995 hits 2014-07-25 15:16:52,215 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 > 2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second 2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Sorting the template list 2014-07-25 15:16:52,215 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 995 hits 2014-07-25 15:16:52,215 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 > 2014-07-25 15:16:52,216 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second 2014-07-25 15:16:52,216 fail2ban.filter.datedetector: DEBUG Sorting the template list 2014-07-25 15:16:52,216 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 995 hits 2014-07-25 15:16:54,790 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 > 2014-07-25 15:16:54,791 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second 2014-07-25 15:16:54,791 fail2ban.filter.datedetector: DEBUG Sorting the template list 2014-07-25 15:16:54,791 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 996 hits 2014-07-25 15:16:54,791 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 > 2014-07-25 15:16:54,792 fail2ban.filter.datedetector: DEBUG Matched time template MONTH Day Hour:Minute:Second 2014-07-25 15:16:54,792 fail2ban.filter.datedetector: DEBUG Sorting the template list 2014-07-25 15:16:54,792 fail2ban.filter.datedetector: DEBUG Winning template: MONTH Day Hour:Minute:Second with 996 hits 2014-07-25 15:16:54,792 fail2ban.filter : DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/apache2/error.log pathname=/var/log/apache2/error.log wd=2 >

尝试使用官方的apache-auth.conf文件:

https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/apache-auth.conf

如上所述,尝试一个更新/最新的filterapache-auth.conf

但是你也必须使用更新的apache-common.conf
https://github.com/fail2ban/fail2ban/tree/0.10/config/filter.d
这是设置日志“前缀”正则expression式的关键。 (“ _apache_error_client ”)。

一旦你正确设置了前缀和主authenticationfilter,Ubuntu 14.04或更新版本中的Fail2Ban pkg将会在你的错误日志中find匹配。