nginx – fail2ban does not process the jail even though the regex matches

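I can't get fail2ban to check the Nginx error log for failed HTTP auth entries. Even though the supplied failregex works, fail2ban seems to simply skip the jail configuration.

I have already tried setting loglevel to 4, but there is no information about any failures for the Nginx jail. I also believe the timestamps in the log file have to match the system time, which is of course the case.

The odd thing is that the other jail I set up (ssh) works flawlessly. I'm out of ideas; maybe you have one. I hope you have all the information you need. Thanks.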

fail2ban.conf

[Definition]

loglevel = 3
logtarget = /var/example/logs/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock

jail.conf

[DEFAULT]

ignoreip = 127.0.0.1
bantime  = 60
findtime = 600
maxretry = 3
backend  = auto

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables-allports[name=SSH,protocol=all]
logpath  = /var/log/auth.log

[Nginx]

enabled = true
filter  = Nginx-auth
action   = iptables-allports[name=Nginx,protocol=all]
logpath = /var/example/logs/Nginx-error.log

filter.d/Nginx-auth.conf

[Definition]

failregex = no user/password was provided for basic authentication.*client: <HOST>
ignoreregex =

fail2ban-regex /var/example/logs/Nginx-error.log /var/example/config/fail2ban/filter.d/Nginx-auth.conf

Running tests
=============

Use regex file : /var/example/config/fail2ban/filter.d/Nginx-auth.conf
Use log file   : /var/example/logs/Nginx-error.log

Results
=======

Failregex
|- Regular expressions:
|  [1] no user/password was provided for basic authentication.*client: <HOST>

Ignoreregex
|- Regular expressions:
|
`- number of matches:

Summary
=======

Addresses found:
[1]
192.168.153.1 (Fri Sep 02 14:07:54 2011)
192.168.153.1 (Fri Sep 02 14:07:54 2011)
192.168.153.1 (Fri Sep 02 14:07:55 2011)
192.168.153.1 (Fri Sep 02 14:07:55 2011)
192.168.153.1 (Fri Sep 02 14:07:55 2011)
192.168.153.1 (Fri Sep 02 14:07:55 2011)
192.168.153.1 (Fri Sep 02 14:07:56 2011)
192.168.153.1 (Fri Sep 02 14:07:56 2011)
192.168.153.1 (Fri Sep 02 14:07:56 2011)
192.168.153.1 (Fri Sep 02 14:07:56 2011)
192.168.153.1 (Fri Sep 02 14:07:56 2011)
192.168.153.1 (Fri Sep 02 14:07:57 2011)
192.168.153.1 (Fri Sep 02 14:07:57 2011)
192.168.153.1 (Fri Sep 02 14:07:57 2011)
192.168.153.1 (Fri Sep 02 14:07:57 2011)
192.168.153.1 (Fri Sep 02 14:07:57 2011)
192.168.153.1 (Fri Sep 02 14:07:58 2011)
192.168.153.1 (Fri Sep 02 14:07:58 2011)
192.168.153.1 (Fri Sep 02 14:07:58 2011)
192.168.153.1 (Fri Sep 02 14:07:59 2011)
192.168.153.1 (Fri Sep 02 14:07:59 2011)
192.168.153.1 (Fri Sep 02 14:07:59 2011)
192.168.153.1 (Fri Sep 02 14:07:59 2011)
192.168.153.1 (Fri Sep 02 14:08:00 2011)
192.168.153.1 (Fri Sep 02 14:08:00 2011)
192.168.153.1 (Fri Sep 02 14:08:00 2011)
192.168.153.1 (Fri Sep 02 14:08:01 2011)
192.168.153.1 (Fri Sep 02 14:08:01 2011)
192.168.153.1 (Fri Sep 02 14:08:01 2011)
192.168.153.1 (Fri Sep 02 14:08:01 2011)
192.168.153.1 (Fri Sep 02 14:08:01 2011)
192.168.153.1 (Fri Sep 02 14:08:02 2011)
192.168.153.1 (Fri Sep 02 14:08:02 2011)
192.168.153.1 (Fri Sep 02 14:08:02 2011)
192.168.153.1 (Fri Sep 02 14:08:02 2011)
192.168.153.1 (Fri Sep 02 14:08:03 2011)
192.168.153.1 (Fri Sep 02 14:08:03 2011)
192.168.153.1 (Fri Sep 02 14:08:03 2011)
192.168.153.1 (Fri Sep 02 14:08:03 2011)
192.168.153.1 (Fri Sep 02 14:08:03 2011)
192.168.153.1 (Fri Sep 02 14:08:04 2011)
192.168.153.1 (Fri Sep 02 14:08:04 2011)
192.168.153.1 (Fri Sep 02 14:08:05 2011)
192.168.153.1 (Fri Sep 02 14:08:05 2011)
192.168.153.1 (Fri Sep 02 14:08:05 2011)
192.168.153.1 (Fri Sep 02 14:08:05 2011)
192.168.153.1 (Fri Sep 02 14:08:05 2011)
192.168.153.1 (Fri Sep 02 14:08:05 2011)
192.168.153.1 (Fri Sep 02 14:08:08 2011)
192.168.153.1 (Fri Sep 02 14:08:09 2011)
192.168.153.1 (Fri Sep 02 14:08:10 2011)
192.168.153.1 (Fri Sep 02 14:08:10 2011)
192.168.153.1 (Fri Sep 02 14:08:10 2011)
192.168.153.1 (Fri Sep 02 14:08:10 2011)
192.168.153.1 (Fri Sep 02 14:08:11 2011)
192.168.153.1 (Fri Sep 02 14:08:11 2011)
192.168.153.1 (Fri Sep 02 14:08:11 2011)
192.168.153.1 (Fri Sep 02 14:08:11 2011)
192.168.153.1 (Fri Sep 02 14:08:12 2011)
192.168.153.1 (Fri Sep 02 14:08:12 2011)
[2]
[3]

Date template hits:
0 hit(s): MONTH Day Hour:minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:minute:Second
240 hit(s): Year/Month/Day Hour:minute:Second
0 hit(s): Day/Month/Year Hour:minute:Second
0 hit(s): Day/Month/Year Hour:minute:Second
0 hit(s): Day/MONTH/Year:Hour:minute:Second
0 hit(s): Month/Day/Year:Hour:minute:Second
0 hit(s): Year-Month-Day Hour:minute:Second
0 hit(s): Day-MONTH-Year Hour:minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:minute:Second
0 hit(s): 

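Best answer
I ran into the same problem – it turned out to be a timezone problem.

I was on GMT when syslogd/sshd started, so /var/log/secure and /var/log/messages had their timestamps written in GMT. However, I then fixed tzdata to my local timezone and started fail2ban afterwards. Now fail2ban was confused, because all the events were 7 hours ahead of its time and therefore not within the "findtime" range.

The simple solution was to simply restart syslogd and sshd so that they would pick up the new timezone. Now fail2ban is working like a champ.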
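
The effect described in the answer, as an added example that is not part of the original post and is not fail2ban's own code: a failregex that matches every line still produces no ban when the log timestamps and the daemon's clock disagree by a timezone offset. Assumptions: a simplified window rule (an entry counts only if it lies in [now - findtime, now]), an IPv4-only stand-in for `<HOST>`, and constructed log lines.

```python
import re
from datetime import datetime, timedelta

# failregex from the question. fail2ban's <HOST> tag is replaced by a simplified
# IPv4-only group (assumption; the real tag is broader).
FAILREGEX = re.compile(
    r"no user/password was provided for basic authentication.*client: "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
# nginx error-log timestamp: Year/Month/Day Hour:Minute:Second, no zone information.
STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")

def parse_stamp(line):
    m = STAMP.match(line)
    return datetime.strptime(m.group(0), "%Y/%m/%d %H:%M:%S") if m else None

def failures_in_window(lines, now, findtime=600):
    """Count failregex hits per host whose timestamp lies in [now - findtime, now]."""
    counts = {}
    for line in lines:
        when, hit = parse_stamp(line), FAILREGEX.search(line)
        if when and hit and timedelta(0) <= now - when <= timedelta(seconds=findtime):
            counts[hit["host"]] = counts.get(hit["host"], 0) + 1
    return counts

def log_skew_seconds(lines, now):
    """Newest log timestamp minus `now`; a large value means mismatched clocks/zones."""
    stamps = [s for s in map(parse_stamp, lines) if s]
    return (max(stamps) - now).total_seconds() if stamps else None

# Constructed lines in nginx error-log layout (not copied from the asker's log).
TAIL = (' [error] 1234#0: *1 no user/password was provided for basic '
        'authentication, client: 192.168.153.1, server: example, request: "GET / HTTP/1.1"')
SAMPLE = ["2011/09/02 14:07:5%d%s" % (n, TAIL) for n in (4, 5, 6)]

MAXRETRY, FINDTIME = 3, 600                    # values from the jail.conf above
same_zone = datetime(2011, 9, 2, 14, 8, 10)    # daemon clock agrees with the log
seven_off = same_zone - timedelta(hours=7)     # daemon clock 7 h behind the log

if __name__ == "__main__":
    for label, now in (("same zone", same_zone), ("7 h offset", seven_off)):
        hits = failures_in_window(SAMPLE, now, FINDTIME)
        banned = [h for h, n in hits.items() if n >= MAXRETRY]
        print(label, "hits:", hits, "ban:", banned,
              "skew(s):", log_skew_seconds(SAMPLE, now))
```

A skew close to a whole number of hours between the newest log entry and the daemon's clock points to a timezone mismatch rather than a filter problem.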
