Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
informatique:linux:fail2ban [2013/02/11 07:45] benoit created |
informatique:linux:fail2ban [2018/09/06 19:10] (Current version) |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
===== Fail2ban ===== | ===== Fail2ban ===== | ||
- | Exemple de configuration pour apache : | + | Exemple d'installation et de configuration sous Debian avec apache : |
+ | Installation : | ||
+ | apt-get install fail2ban | ||
+ | |||
+ | Editer le fichier : | ||
+ | vim /etc/fail2ban/jail.conf | ||
+ | |||
+ | Exemple de configuration : | ||
+ | [apache] | ||
+ | | ||
+ | enabled = true | ||
+ | port = http,https | ||
+ | filter = apache-auth | ||
+ | logpath = /var/log/apache*/*error*.log | ||
+ | action = iptables-allports[name=apache, protocol=all] | ||
+ | mail[name=$HOSTNAME, dest="abuse@domain.com", sender=$HOSTNAME] | ||
+ | maxretry = 5 | ||
+ | bantime = 600 | ||
+ | |||
+ | |||
+ | Si besoin modifier le fichier filter pour optimiser l'analyse des logs : | ||
+ | vim /etc/fail2ban/filter.d/apache-auth.conf | ||
+ | |||
+ | Exemple : | ||
+ | # Fail2Ban configuration file | ||
+ | # | ||
+ | # Author: Cyril Jaquier | ||
+ | # | ||
+ | # $Revision: 728 $ | ||
+ | # | ||
+ | | ||
+ | [Definition] | ||
+ | | ||
+ | # Option: failregex | ||
+ | # Notes.: regex to match the password failure messages in the logfile. The | ||
+ | # host must be matched by a group named "host". The tag "<HOST>" can | ||
+ | # be used for standard IP/hostname matching and is only an alias for | ||
+ | # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | failregex = [[[client <HOST>[]] user .* authentication failure | ||
+ | [[]client <HOST>[]] user .* not found | ||
+ | [[]client <HOST>[]] user .* password mismatch | ||
+ | [[[client <HOST>[]] Digest: user .* authentication failure | ||
+ | [[]client <HOST>[]] Digest: user .* not found | ||
+ | [[]client <HOST>[]] Digest: user .* password mismatch | ||
+ | | ||
+ | # Option: ignoreregex | ||
+ | # Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
+ | # Values: TEXT | ||
+ | # | ||
+ | ignoreregex = | ||
+ | |||
+ | Redémarrer fail2ban : | ||
+ | |||
+ | /etc/init.d/fail2ban restart |
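
Review bot: The first and fourth `failregex` alternatives begin with `[[[client <HOST>[]]`, while the other four begin with `[[]client <HOST>[]]`. The extra `[` changes the bracket expression, so the plain and Digest "authentication failure" patterns do not match the `[client ...]` prefix the way the other lines do. Make all six alternatives start with `[[]client <HOST>[]]`. Separately, the steps edit `/etc/fail2ban/jail.conf` and `/etc/fail2ban/filter.d/apache-auth.conf` in place. Putting the `[apache]` section in `/etc/fail2ban/jail.local`, and any filter change in a matching `.local` file, keeps the settings from being overwritten when the package is upgraded.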