Hi guys,
I just installed fail2ban as follows:
Code:
cd /usr/ports/security/py-fail2ban/ && make install clean
echo 'fail2ban_enable="YES"' >> /etc/rc.conf
cp /usr/local/etc/fail2ban/jail.conf /usr/local/etc/fail2ban/jail.local
I then added the following to the new jail.local
Code:
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 6000
findtime = 6000
backend = auto
action = pf
[nginx-filenotfound]
enabled = true
port = http,https
filter = nginx-filenotfound
logpath = /usr/jails/nginxjail/usr/local/www/docs/*/logs/error.log
maxretry = 10
[nginx-authfail]
enable = true
port = http,https
filter = nginx-authfail
logpath = /usr/local/www/webs/example.com/logs/error80.log
maxretry = 10
created /usr/local/etc/fail2ban/filter.d/nginx-filenotfound.conf
Code:
[Definition]
# search for specified file extensions
#failregex .*\[error\].open\(\) "\S*(\.php|\.asp|\.html|\.js)\S*" failed.*client: ,.*
# if there is any error because a dir or file was not found
failregex = .*\[error\].*failed.*No such file or directory.*client: ,.*
ignoreregex =
created /usr/local/etc/fail2ban/filter.d/nginx-authfail.conf
Code:
[Definition]
failregex = .*\[error\].*no user/password was provided for basic authentication.*client: ,.*
            .*\[error\].*user .* was not found in.*client: ,.*
            .*\[error\].*user .* password mismatch.*client: ,.*
ignoreregex =
and lastly I changed /usr/local/etc/fail2ban/action.d/pf.conf
Code:
...
actionban = pfctl -t fail2ban -T add
actionunban = pfctl -t fail2ban -T delete
...
When I start fail2ban
/usr/local/etc/rc.d/fail2ban start
I get the following in the fail2ban.log file
Code:
2013-10-16 22:02:35,203 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.10
2013-10-16 22:02:35,224 fail2ban.jail : INFO Creating new jail 'nginx-filenotfound'
2013-10-16 22:02:35,226 fail2ban.jail : INFO Jail 'nginx-filenotfound' uses poller
2013-10-16 22:02:35,406 fail2ban.jail : INFO Initiated 'polling' backend
2013-10-16 22:02:35,431 fail2ban.filter : INFO Added logfile = /usr/local/www/webs/example.com/logs/error80.log
2013-10-16 22:02:35,433 fail2ban.filter : INFO Set maxRetry = 10
2013-10-16 22:02:35,437 fail2ban.filter : INFO Set findtime = 6000
2013-10-16 22:02:35,439 fail2ban.actions: INFO Set banTime = 6000
2013-10-16 22:02:35,443 fail2ban.filter : ERROR No 'host' group in '.*\[error\].*failed.*No such file or directory.*client: ,.*'
2013-10-16 22:02:35,443 fail2ban.comm : WARNING Command ['set', 'nginx-filenotfound', 'addfailregex', '.*\\[error\\].*failed.*No such file or directory.*client: ,.*'] has failed. Received RegexException("No 'host' group in '.*\\[error\\].*failed.*No such file or directory.*client: ,.*'",)
Can anyone help me understand where I went wrong please?
Thank you.
Fred
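Added example, not part of the original post: fail2ban expands the `<HOST>` tag in a failregex into a named group called `host`, and the "No 'host' group" error in the log above is what it reports when a failregex has no such group. The sketch below mirrors that check with a simplified IPv4-only group; `HOST_GROUP`, `compile_failregex`, `banned_candidates` and the sample log lines are assumptions constructed for illustration, not fail2ban's own code.

```python
import re

# Simplified stand-in for what fail2ban substitutes for the <HOST> tag
# (assumption: the real expansion also accepts hostnames and IPv6 forms).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(pattern):
    """Expand <HOST>, then reject patterns that end up without a 'host' group."""
    rx = re.compile(pattern.replace("<HOST>", HOST_GROUP))
    if "host" not in rx.groupindex:
        raise ValueError("No 'host' group in %r" % pattern)
    return rx


def banned_candidates(pattern, lines):
    """Return the address captured from each line the failregex matches."""
    rx = compile_failregex(pattern)
    return [m.group("host") for m in map(rx.search, lines) if m]


# failregex exactly as posted: nothing between "client: " and the comma.
POSTED = r".*\[error\].*failed.*No such file or directory.*client: ,.*"
# The same expression with the <HOST> tag in that position.
WITH_HOST = r".*\[error\].*failed.*No such file or directory.*client: <HOST>,.*"

# Constructed nginx error.log lines (documentation-range addresses).
SAMPLE = [
    '2013/10/16 22:01:10 [error] 811#0: *7 open() "/usr/local/www/docs/a.php" '
    'failed (2: No such file or directory), client: 203.0.113.9, '
    'server: example.com, request: "GET /a.php HTTP/1.1"',
    '2013/10/16 22:01:12 [error] 811#0: *8 user "bob" was not found in '
    '"/usr/local/etc/nginx/htpasswd", client: 198.51.100.4, server: example.com',
]

if __name__ == "__main__":
    try:
        compile_failregex(POSTED)
    except ValueError as exc:
        print("rejected:", exc)
    print("matched hosts:", banned_candidates(WITH_HOST, SAMPLE))
```

The `fail2ban-regex` tool shipped with fail2ban runs a filter against a real log file, which is the way to confirm a failregex before enabling the jail.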