我正在尝试添加两个fail2banfilter,一个用于post洪水和phpmyadmin蛮力,但我得到以下错误。
日志:
fail2ban.filter : ERROR No 'host' group in '[[]client []] File does not exist: /var/www/(?:PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2)' fail2ban.filter : ERROR No 'host' group in '^ -.*”POST.*' jail.conf:
[apache-phpmyadmin] enabled = true port = http,https filter = apache-phpmyadmin logpath = /var/log/apache*/*error.log maxretry = 3 [apache-postflood] enabled = true port = http,https filter = apache-postflood logpath = /var/log/apache*/*flood.log findtime = 10 maxretry = 10
apache-phpmyadmin.conffilter:
[Definition] docroot = /var/www badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2 failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s) ignoreregex =
apache-postflood.conffilter:
[Definition] failregex = ^ -.*”POST.* ignoreregex =
您的failregex缺less特殊的string<HOST> ,您必须在IP地址出现在日志条目中的地方插入该string。 这是必需的,以便fail2ban将知道它应该采取什么IP地址。