因此,我无法将 Fail2Ban 用作 Web 应用程序登录的自定义过滤器。首先,其他过滤器确实有效,例如 NGINX Auth。但是,我的电子邮件已经停止工作,不知道为什么。
这些是 /var/log/auth.log 中失败的登录尝试
Apr 1 11:28:15 user pancake[17973]: Attempt to login as random failed. 127.0.0.1 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17)
Apr 1 11:28:39 user pancake[17974]: Attempt to login as admin failed. 127.0.0.1 (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17)
我的监狱(/etc/fail2ban/jail.local):
[pancake]
enabled = true
port = http,https
filter = pancake
logpath = /var/log/auth.log
maxretry = 4
我的过滤器(/etc/fail2ban/filter.d/pancak.conf)
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = pancake
failregex = Attempt to login as .* failed. <HOST>$
ignoreregex =
现在,当我通过运行进行测试时:
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/pancake.conf
我得到:
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/pancake.conf
Use log file : /var/log/auth.log
Results
=======
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [2708] MONTH Day Hour:Minute:Second
`-
Lines: 2708 lines, 0 ignored, 0 matched, 2708 missed
我也尝试过使用:
failregex = ^%(__prefix_line)sAttempt to login as .* failed. <HOST>$
任何帮助都会很棒。
谢谢特伦特
从正则表达式中删除,
$因为在日志中没有行尾。