fail2ban错误。不能用lighttpd-auth禁止

时间:2013-11-05 16:39:09

标签: lighttpd iptables ubuntu-server

今天我在我的ubuntu-server中安装了fail2ban。 在此之后我不得不添加以下.conf我在githunb上的fail2ban: /etc/config/filter.d/lighttpd.conf 

# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module
#

[Definition]

failregex = ^: \(http_auth\.c\.\d+\) (password doesn\'t match .* username: .*|digest: auth failed for .*: wrong password|get_password failed), IP: <HOST>\s*$

ignoreregex =

# Author: Francois Boulogne <fboulogne@april.org>

在此之后,我将以下几行添加到我的Jail.conf中:

[lighttpd-auth]

enabled = false
filter  = lighttpd-auth
action  = iptables[name=lighttpd-auth, port="http,https"]
# adapt the following two items as needed
logpath = /var/log/lighttpd/error.log
maxretry = 2

现在我有以下问题,fail2ban可以找到错误的登录,但无法禁止攻击者IP -.- 这里是我的file2ban.log

中的行 
2013-11-05 18:23:24,710 fail2ban.actions.action: ERROR  iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,747 fail2ban.actions: WARNING [lighttpd-auth] Ban 9.999.999.99
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR  Invariant check failed. Trying to restore a sane environment
2013-11-05 18:23:59,756 fail2ban.actions.action: ERROR  iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,758 fail2ban.actions.action: ERROR  iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,758 fail2ban.actions.action: CRITICAL Unable to restore environment
2013-11-05 18:24:01,760 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:02,762 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:04,764 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned

任何人都可以帮助我吗?

1 个答案:

答案 0 :(得分:0)

原因是fail2ban正在调用iptables错误。

-dport http,https选项不适用于两个端口。它给出了:

iptables v1.4.20: invalid port/service `http,https' specified.

正确的电话会是

iptables [...] -m multiport -dports "http,https" [...]

修改fail2ban配置,使其使用正确的调用。它的工作原理如下:

action  = iptables[name=lighttpd-auth, m=multiport ports="http,https"]
相关问题
最新问题