fail2ban 0.8.13-1 Jessie
A really simple regex
maybe too simple?
Do I need to worry about the timestamps?
Code:
fail2ban-regex --verbose --print-no-missed /tmp/x '<HOST> .*"HEAD.*$'
Code:
Running tests
=============
Use failregex line : <HOST> .*"HEAD.*$
Use log file : /tmp/x
Results
=======
Failregex: 1000 total
|- #) [# of hits] regular expression
| 1) [1000] <HOST> .*"HEAD.*$
| 89.248.174.31 Tue Feb 16 16:49:04 2016
| 89.248.174.31 Tue Feb 16 16:49:07 2016
| 89.248.174.31 Tue Feb 16 16:49:07 2016
| 89.248.174.31 Tue Feb 16 16:49:06 2016
| 89.248.174.31 Tue Feb 16 16:49:07 2016
| 89.248.174.31 Tue Feb 16 16:49:06 2016
| 89.248.174.31 Tue Feb 16 16:49:07 2016
| 89.248.174.31 Tue Feb 16 16:49:05 2016
| 89.248.174.31 Tue Feb 16 16:49:06 2016
Lines: 1000 lines, 0 ignored, 1000 matched, 0 missed
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1000] Day/MONTH/Year:Hour:Minute:Second
| [0] WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year
| [0] WEEKDAY MONTH Day Hour:Minute:Second Year
| [0] WEEKDAY MONTH Day Hour:Minute:Second
| [0] MONTH Day Hour:Minute:Second
| [0] Year/Month/Day Hour:Minute:Second
| [0] Day/Month/Year Hour:Minute:Second
| [0] Day/Month/Year2 Hour:Minute:Second
| [0] Month/Day/Year:Hour:Minute:Second
| [0] Year-Month-Day Hour:Minute:Second[,subsecond]
| [0] Year-Month-Day Hour:Minute:Second
| [0] Year.Month.Day Hour:Minute:Second
| [0] Day-MONTH-Year Hour:Minute:Second[.Millisecond]
| [0] Day-Month-Year Hour:Minute:Second
| [0] Month-Day-Year Hour:Minute:Second[.Millisecond]
| [0] TAI64N
| [0] Epoch
| [0] ISO 8601
| [0] Hour:Minute:Second
| [0] <Month/Day/Year@Hour:Minute:Second>
| [0] YearMonthDay Hour:Minute:Second
| [0] Month-Day-Year Hour:Minute:Second
`-
In operation no IP gets banned, even though I'm drowning in these things here...
Code:
192.3.244.186 - - [16/Feb/2016:16:50:17 +0100] "HEAD /plugins/system/plugin_googlemap2/plugin_googlemap2_proxy.php?url=www.fxwpd.com HTTP/1.1" 200 232 "-" "Mozilla/5.0"
192.3.244.186 - - [16/Feb/2016:16:50:31 +0100] "HEAD /plugins/system/plugin_googlemap2/plugin_googlemap2_proxy.php?url=www.fxwpd.com HTTP/1.1" 200 232 "-" "Mozilla/5.0"
192.3.244.186 - - [16/Feb/2016:16:50:43 +0100] "HEAD /plugins/system/plugin_googlemap2/plugin_googlemap2_proxy.php?url=www.fxwpd.com HTTP/1.1" 200 232 "-" "Mozilla/5.0"
Code:
fail2ban-client status
Status
|- Number of jail: 10
`- Jail list: php-url-fopen, courierauth, apache-modsecurity, apache-nohome, pureftpd, ssh, apache-overflows, sasl, apache-HEAD, apache
Code:
fail2ban-client status apache-HEAD
|- filter
| |- File list: /var/www/website.de
| |- Currently failed: 0
| `- Total failed: 0
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
Code:
2016-02-16 19:19:15,102 fail2ban.jail [1351]: INFO Creating new jail 'apache-HEAD'
2016-02-16 19:19:15,102 fail2ban.jail [1351]: INFO Jail 'apache-HEAD' uses pyinotify
2016-02-16 19:19:15,108 fail2ban.jail [1351]: INFO Initiated 'pyinotify' backend
2016-02-16 19:19:15,109 fail2ban.filter [1351]: INFO Added logfile = /var/wwwwebsite/log/access.log
2016-02-16 19:19:15,147 fail2ban.filter [1351]: INFO Set maxRetry = 3
2016-02-16 19:19:15,148 fail2ban.filter [1351]: INFO Set findtime = 600
2016-02-16 19:19:15,148 fail2ban.actions[1351]: INFO Set banTime = 600
Does anyone have an idea?
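
On the timestamp question, an added example (not part of the original post and not fail2ban's own code): a simplified model of how a jail counts matches, using the maxRetry and findtime values from the jail log in the post. It assumes an IPv4-only stand-in for `<HOST>` and that matches older than findtime relative to the current time are not counted; the request path in the sample lines is shortened from the post.

```python
import re
from datetime import datetime, timedelta

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(r'<HOST> .*"HEAD.*$'.replace("<HOST>", HOST))
# Apache access-log timestamp, e.g. [16/Feb/2016:16:50:17 +0100]
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
FMT = "%d/%b/%Y:%H:%M:%S %z"
MAXRETRY, FINDTIME = 3, 600  # from the jail start-up log in the post

# Sample lines modelled on the post (request path shortened).
REQUEST = '"HEAD /plugin_googlemap2_proxy.php HTTP/1.1" 200 232 "-" "Mozilla/5.0"'
LOG = [f"192.3.244.186 - - [16/Feb/2016:16:50:{sec} +0100] {REQUEST}"
       for sec in ("17", "31", "43")]


def at(text):
    """Parse a timestamp in access-log notation into an aware datetime."""
    return datetime.strptime(text, FMT)


def evaluate(lines, now):
    """Per host: matches inside findtime, matches too old to count, ban verdict."""
    result = {}
    for line in lines:
        hit, stamp = FAILREGEX.search(line), STAMP.search(line)
        if not (hit and stamp):
            continue  # regex miss or no recognisable timestamp
        entry = result.setdefault(hit.group("host"), {"counted": 0, "too_old": 0})
        if now - at(stamp.group(1)) > timedelta(seconds=FINDTIME):
            entry["too_old"] += 1   # regex matched, but outside the findtime window
        else:
            entry["counted"] += 1
    for entry in result.values():
        entry["ban"] = entry["counted"] >= MAXRETRY
    return result


if __name__ == "__main__":
    # Lines seen while they are fresh versus read hours later.
    for now in ("16/Feb/2016:16:51:00 +0100", "16/Feb/2016:19:19:15 +0100"):
        print(now, evaluate(LOG, at(now)))
```

If the clock or time zone the daemon assumes differs from the one written in the access log, every line can end up in `too_old` even though `fail2ban-regex` reports a match.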