我无法设置fail2ban来检查Nginx错误日志中是否存在失败的http auth条目.即使提供的failregex工作,fail2ban似乎只是跳过jail配置.
我已经尝试将loglevel设置为4,但是没有关于Nginx jail的任何失败的信息.另外我认为日志文件中的时间戳必须与系统时间相匹配,当然情况就是这样.
奇怪的是,我设置的其他监狱(ssh)完美无缺.我没有想法,也许你有一个.希望您能获得所需的所有信息.谢谢.
fail2ban.conf
[Definition]
loglevel = 3
logtarget = /var/example/logs/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock
jail.conf
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 60
findtime = 600
maxretry = 3
backend = auto
[ssh-iptables]
enabled = true
filter = sshd
action = iptables-allports[name=SSH,protocol=all]
logpath = /var/log/auth.log
[Nginx]
enabled = true
filter = Nginx-auth
action = iptables-allports[name=Nginx,protocol=all]
logpath = /var/example/logs/Nginx-error.log
filter.d / Nginx的-auth.conf
[Definition]
failregex = no user/password was provided for basic authentication.*client:
fail2ban-regex /var/example/logs/Nginx-error.log /var/example/config/fail2ban/filter.d/Nginx-auth.conf
Running tests
=============
Use regex file : /var/example/config/fail2ban/filter.d/Nginx-auth.conf
Use log file : /var/example/logs/Nginx-error.log
Results
=======
Failregex
|- Regular expressions:
| [1] no user/password was provided for basic authentication.*client:
最佳答案