
Fail2Ban

Установка
  • Ставим пакет
# Install the fail2ban package (no sudo is shown, so this presumably runs as root).
apt install fail2ban
# Make the service start at boot so bans are enforced again after a reboot.
systemctl enable fail2ban
  • Приводим файл конфигурации к следующему виду
# Create the local override file. Settings in jail.local take precedence over
# the packaged jail.conf, which is left unmodified.
touch /etc/fail2ban/jail.local

# -w keeps nano from hard-wrapping long lines, so each value stays on one line.
nano -w /etc/fail2ban/jail.local
# NOTE(review): this turns the sshd jail off, so repeated SSH login failures
# are not banned by fail2ban. Keep it only if SSH is not reachable from
# untrusted networks or is protected by another control.
# If the jail was disabled because fail2ban could not find an auth log on a
# journald-only system, "backend = systemd" for this jail is the usual
# alternative - TODO confirm for this host.
[sshd]
enabled = false

# Bans clients with repeated Apache authentication failures, as matched by the
# stock apache-auth filter in the Apache error log.
# %(apache_error_log)s is resolved by fail2ban's config interpolation.
# 3 matches within findtime (600 seconds) trigger a ban; bantime is not set
# here, so the [DEFAULT] value applies.
[apache-auth]
enabled  = true
port     = http,https
filter   = apache-auth
logpath  = %(apache_error_log)s
maxretry = 3
findtime = 600

# Bans clients whose requests match the stock apache-badbots filter in the
# Apache access log.
# maxretry = 1 means a single match bans the client for 48 hours.
# NOTE(review): the filter presumably keys on the User-Agent header, which the
# client controls; it only catches bots that identify themselves - verify
# against the installed filter.d/apache-badbots.conf.
[apache-badbots]
enabled  = true
port     = http,https
filter   = apache-badbots
logpath  = %(apache_access_log)s
bantime  = 48h
maxretry = 1
findtime = 600

# Bans clients matched by the stock apache-noscript filter in the Apache
# error log.
# maxretry, findtime and bantime are not set here, so this jail uses the
# [DEFAULT] values, unlike the other Apache jails in this file.
[apache-noscript]
enabled  = true
port     = http,https
filter   = apache-noscript
logpath  = %(apache_error_log)s

# Bans clients matched by the stock apache-overflows filter in the Apache
# error log (presumably overlong or malformed requests - verify in filter.d).
# 2 matches within 600 seconds trigger a ban; bantime comes from [DEFAULT].
[apache-overflows]
enabled  = true
port     = http,https
filter   = apache-overflows
logpath  = %(apache_error_log)s
maxretry = 2
findtime = 600

# Bans clients matched by the stock apache-nohome filter in the Apache error
# log (presumably requests for user home directories that do not exist -
# verify in filter.d).
# 2 matches within 600 seconds trigger a ban; bantime comes from [DEFAULT].
[apache-nohome]
enabled  = true
port     = http,https
filter   = apache-nohome
logpath  = %(apache_error_log)s
maxretry = 2
findtime = 600

# Bans clients matched by the stock apache-botsearch filter in the Apache
# error log (presumably requests for commonly probed URLs that do not exist -
# verify in filter.d).
# 2 matches within 600 seconds trigger a ban; bantime comes from [DEFAULT].
[apache-botsearch]
enabled  = true
port     = http,https
filter   = apache-botsearch
logpath  = %(apache_error_log)s
maxretry = 2
findtime = 600

# Bans clients matched by the stock apache-fakegooglebot filter in the Apache
# access log; a single match within 600 seconds triggers a ban.
# ignorecommand runs the packaged helper with the candidate address in place
# of <ip>; an address the helper accepts is not banned.
# NOTE(review): the helper presumably verifies the address through DNS, so it
# depends on a working resolver - confirm on this host.
[apache-fakegooglebot]
enabled  = true
port     = http,https
filter   = apache-fakegooglebot
logpath  = %(apache_access_log)s
maxretry = 1
ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip>
findtime = 600

# Bans clients matched by the stock apache-modsecurity filter in the Apache
# error log; 2 matches within 600 seconds trigger a ban.
# NOTE(review): this jail only has something to match if ModSecurity is
# installed and writes its denials to the Apache error log - confirm.
[apache-modsecurity]
enabled  = true
port     = http,https
filter   = apache-modsecurity
logpath  = %(apache_error_log)s
maxretry = 2
findtime = 600

# Bans clients matched by the stock apache-shellshock filter in the Apache
# error log; 2 matches within 600 seconds trigger a ban.
# bantime is not set here, so the [DEFAULT] value applies.
[apache-shellshock]
enabled  = true
port     = http,https
filter   = apache-shellshock
logpath  = %(apache_error_log)s
maxretry = 2
findtime = 600
  • Дорабатываем напильником
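# Put the override in fail2ban.local instead of editing the packaged
# fail2ban.conf: the .local file is read on top of the .conf file and is not
# replaced by package upgrades (same approach as jail.local).
nano -w /etc/fail2ban/fail2ban.local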
# NOTE(review): "no" switches off fail2ban's IPv6 support ("auto" is the
# upstream default). If Apache is reachable over IPv6, verify that IPv6
# clients are still detected and banned before keeping this value.
[Definition]
allowipv6 = no
  • Перезапускаем службу
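# Check the configuration before restarting: a syntax error in jail.local can
# leave the service stopped, and then nothing is banned.
fail2ban-client -t
systemctl restart fail2ban
# Confirm that the service came back up and is active.
systemctl status fail2ban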
Эксплуатация
# List the jails that are currently running.
fail2ban-client status
# Show failure counters and the currently banned addresses for one jail.
fail2ban-client status apache-modsecurity
# Lift a ban in that jail; IP is a placeholder for the address to unban.
fail2ban-client set apache-modsecurity unbanip IP