How to configure Fail2Ban?
by n00b_noob from LinuxQuestions.org on (#5CQ7W)
Hello,
I found a tutorial to protect some services with Fail2Ban:
Quote:
# nano /etc/fail2ban/jail.local
Add the following lines at the end of the file:
Code:
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s

[apache-badbots]
enabled = true
port = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1

[apache-noscript]
enabled = true
port = http,https
logpath = %(apache_error_log)s

What is "[apache-auth]"? Is it a predefined rule for Fail2Ban, and is it under the "filter.d" directory? I mean, does "[apache-auth]" refer to the "apache-auth.conf" file:
Code:
# ls filter.d/
3proxy.conf exim-spam.conf proftpd.conf
apache-auth.conf freeswitch.conf pure-ftpd.conf
apache-badbots.conf froxlor-auth.conf qmail.conf
apache-botsearch.conf groupoffice.conf recidive.conf
apache-common.conf gssftpd.conf roundcube-auth.conf
apache-fakegooglebot.conf guacamole.conf screensharingd.conf
apache-modsecurity.conf haproxy-http-auth.conf selinux-common.conf
apache-nohome.conf horde.conf selinux-ssh.conf
apache-noscript.conf ignorecommands/ sendmail-auth.conf
apache-overflows.conf kerio.conf sendmail-reject.conf
apache-pass.conf lighttpd-auth.conf sieve.conf
apache-shellshock.conf mongodb-auth.conf slapd.conf
assp.conf monit.conf sogo-auth.conf
asterisk.conf murmur.conf solid-pop3d.conf
bitwarden.conf mysqld-auth.conf squid.conf
botsearch-common.conf nagios.conf squirrelmail.conf
centreon.conf named-refused.conf sshd.conf
common.conf nginx-botsearch.conf stunnel.conf
counter-strike.conf nginx-http-auth.conf suhosin.conf
courier-auth.conf nginx-limit-req.conf tine20.conf
courier-smtp.conf nsd.conf traefik-auth.conf
cyrus-imap.conf openhab.conf uwimap-auth.conf
directadmin.conf openwebmail.conf vsftpd.conf
domino-smtp.conf oracleims.conf webmin-auth.conf
dovecot.conf pam-generic.conf wuftpd.conf
dropbear.conf perdition.conf xinetd-fail.conf
drupal-auth.conf phpmyadmin-syslog.conf znc-adminlog.conf
ejabberd-auth.conf php-url-fopen.conf zoneminder.conf
exim-common.conf portsentry.conf
exim.conf postfix.conf
Apache logs are:
Code:
# ls /var/log/httpd/
access_log error_log modsec_audit.log modsec_debug.log
But "logpath = %(apache_error_log)s"!!! Must the "apache_error_log" be changed to "error_log"?
Thank you.
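
As an added example (not part of the original post and not Fail2Ban's own code): the sketch below uses Python's configparser, which has the same %(name)s interpolation syntax as the jail files, to resolve the quoted jails to a filter file and a log path. The [DEFAULT] values are constructed assumptions modelled on typical Red Hat-style defaults; on a real host they come from jail.conf and the paths-*.conf files.

```python
import configparser
import fnmatch

# Constructed stand-in for the distribution defaults that Fail2Ban reads before
# jail.local (assumed values; check jail.conf and paths-*.conf on your host).
DEFAULTS = """
[DEFAULT]
filter = %(__name__)s
apache_error_log = /var/log/httpd/*error_log
apache_access_log = /var/log/httpd/*access_log
"""
# The jail.local sections quoted in the post.
JAIL_LOCAL = """
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
[apache-badbots]
enabled = true
port = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
[apache-noscript]
enabled = true
port = http,https
logpath = %(apache_error_log)s
"""
# File names taken from the two directory listings in the post.
FILTER_D = {"apache-auth.conf", "apache-badbots.conf", "apache-noscript.conf"}
HTTPD_LOGS = ["access_log", "error_log", "modsec_audit.log", "modsec_debug.log"]


def resolve_jails():
    """Return {jail: (filter file, filter present?, logpath glob, matching logs)}."""
    cfg = configparser.ConfigParser()  # BasicInterpolation expands %(name)s
    cfg.read_string(DEFAULTS + JAIL_LOCAL)
    out = {}
    for jail in cfg.sections():
        # Fail2Ban supplies __name__ (the section name) itself; emulate that here.
        opt = lambda name: cfg.get(jail, name, vars={"__name__": jail})
        filter_file = opt("filter") + ".conf"
        pattern = opt("logpath")
        hits = [f for f in HTTPD_LOGS if fnmatch.fnmatch("/var/log/httpd/" + f, pattern)]
        out[jail] = (filter_file, filter_file in FILTER_D, pattern, hits)
    return out


if __name__ == "__main__":
    print(*resolve_jails().items(), sep="\n")
```

With these assumed defaults, the section name selects the filter file of the same name, and %(apache_error_log)s is a variable reference that expands to a glob rather than a literal file name.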