Example installation and configuration on Debian with Apache:
Installation:
apt-get install fail2ban
Edit the file:
vim /etc/fail2ban/jail.conf
Example configuration:
[apache]
enabled  = true
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache*/*error*.log
action   = iptables-allports[name=apache, protocol=all]
           mail[name=$HOSTNAME, dest="abuse@domain.com", sender=$HOSTNAME]
maxretry = 5
bantime  = 600
If needed, edit the filter file to tune how the logs are parsed:
vim /etc/fail2ban/filter.d/apache-auth.conf
Example:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 728 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = [[]client <HOST>[]] user .* authentication failure
            [[]client <HOST>[]] user .* not found
            [[]client <HOST>[]] user .* password mismatch
            [[]client <HOST>[]] Digest: user .* authentication failure
            [[]client <HOST>[]] Digest: user .* not found
            [[]client <HOST>[]] Digest: user .* password mismatch

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
Restart fail2ban:
/etc/init.d/fail2ban restart
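As an added example (not part of the original page, and not fail2ban's own code), the script below applies the failregex lines of the apache-auth filter above to constructed Apache error-log lines, expanding <HOST> exactly as the filter comment documents, and reports which client addresses reach the jail's maxretry = 5. It deliberately ignores the findtime window that fail2ban also applies.

```python
import re
from collections import Counter

# The <HOST> alias as documented in the filter comments: an optional
# IPv4-mapped IPv6 prefix followed by a named group "host".
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The failregex lines from /etc/fail2ban/filter.d/apache-auth.conf above.
FAILREGEX = [
    r"[[]client <HOST>[]] user .* authentication failure",
    r"[[]client <HOST>[]] user .* not found",
    r"[[]client <HOST>[]] user .* password mismatch",
    r"[[]client <HOST>[]] Digest: user .* authentication failure",
    r"[[]client <HOST>[]] Digest: user .* not found",
    r"[[]client <HOST>[]] Digest: user .* password mismatch",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

def match_host(line):
    """Return the offending host if any failregex matches the line, else None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=5):
    """Count failures per host; return hosts reaching maxretry (jail.conf: 5)."""
    failures = Counter()
    for line in lines:
        host = match_host(line)
        if host:
            failures[host] += 1
    return sorted(h for h, n in failures.items() if n >= maxretry)

# Constructed sample of Apache error-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "[Sat Mar 02 10:15:01 2013] [error] [client 192.0.2.10] user admin not found: /private/",
    "[Sat Mar 02 10:15:02 2013] [error] [client 192.0.2.10] user admin not found: /private/",
    "[Sat Mar 02 10:15:03 2013] [error] [client 192.0.2.10] user root password mismatch: /private/",
    "[Sat Mar 02 10:15:04 2013] [error] [client 192.0.2.10] user root authentication failure for \"/private/\": Password Mismatch",
    "[Sat Mar 02 10:15:05 2013] [error] [client 192.0.2.10] Digest: user bob not found: /private/",
    "[Sat Mar 02 10:15:06 2013] [error] [client 198.51.100.7] user alice password mismatch: /private/",
    "[Sat Mar 02 10:15:07 2013] [notice] Apache/2.2.22 (Debian) configured -- resuming normal operations",
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))  # ['192.0.2.10']
```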