Fail2ban监狱没有检测到failes(并且不禁止)

时间:2013-05-05 01:55:02

标签: debian

我尝试为fail2ban创建一个自己的过滤器来检测失败的HTTP身份验证尝试。使用fail2ban-regex进行测试时它确实有效,但在运行环境中没有。

/etc/fail2ban/jail.local

...
[DEFAULT]
bantime  = 600
...
[nginx-user-auth]
enabled = true
filter  = nginx-user-auth
port    = http,https
logpath = /var/log/nginx/error.log
backend = polling
maxretry = 6
...

/etc/fail2ban/filter.d/nginx-user-auth.conf

[Definition]
failregex = user .*? password mismatch, client: <HOST>
        user .*? was not found in .*?, client: <HOST>
ignoreregex = 

测试时:

root@debian:~# fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-user-auth.conf
...
Success, the total number of match is 54
...

它还向我显示正确的IP和日期/时间。

但是jail没有检测到单次失败的登录尝试:

root@debian:~# fail2ban-client status nginx-user-auth
Status for the jail: nginx-user-auth
|- filter
|  |- File list:        /var/log/nginx/error.log
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

其他监狱工作正常。而且我完全不知道我犯了哪些错误。

提前致谢!

2 个答案:

答案 0 :(得分:0)

在这里遇到了你的例子,我在配置中启发并使用了它,并且它正在工作 注意&#34; &#34;在第一个正则表达式中,在用户。*?之后,还添加了第二个&#34; failregex&#34;其他正则表达式的后缀。

/etc/fail2ban/filter.d/nginx-auth.conf
failregex = user .*?: password mismatch, client: <HOST>
failregex = user .*? was not found in .*?, client: <HOST>

Status for the jail: nginx-auth
|- filter
| |- File list: /var/log/nginx/error.log
| |- Currently failed: 0
| `- Total failed: 6
`- action
|- Currently banned: 1
| `- IP list: x.x.x.x
`- Total banned: 1

答案 1 :(得分:0)

由于您安装的fail2ban版本中存在错误,可能会发生这种情况。与我的Ubuntu版本(0.8.4)分发的fail2ban版本存在完全相同的问题。从源代码安装fail2ban 0.8.10后,我的nginx过滤器开始工作。

在fail2ban Github页面上有几个问题提到了这个问题(它们现已关闭并修复)。