fail2ban-regex测试ignoreregex没有效果的问题

发表时间:2018-10-17 13:35 | 分类:Linux | 浏览:1,523 次

在filter.d中定义好过滤规则,例如:suhosin.conf

[Definition]
failregex = suhosin\[\d*\].*\(attacker\s'<HOST>'.*
ignoreregex = suhosin\[\d*\].*(memory_limit).*\(attacker\s'<HOST>'.*

日志:

Dec 17 15:51:13 server suhosin[27622]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable      'action' (attacker '67.210.100.166', file '/bla.php')
Dec 17 15:51:13 server suhosin[27624]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'board' (attacker '67.210.100.166', file '/bla.php')
Dec 17 15:51:13 server suhosin[27624]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'topic' (attacker '67.210.100.166', file '/bla.php')
Dec 20 18:58:21 server suhosin[4088]: ALERT - script tried to increase memory_limit to 120000000 bytes which is above the allowed value (attacker '123.123.123.123', file '/bla.php', line 10)
Dec 20 18:58:32 server suhosin[4051]: ALERT - script tried to increase memory_limit to 120000000 bytes which is above the allowed value (attacker '123.123.123.123', file '/bla.php', line 10)

如果用这个命令可能会发现忽略的正则没有生效。

fail2ban-regex error.log /etc/fail2ban/filter.d/suhosin.conf

看了说明,原来fail2ban-regex的语法格式类似是这样的。

[        DISCUZ_CODE_59        ]gt; /usr/bin/fail2ban-regex | head
Usage: /usr/bin/fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]

把测试命令写成这样就可以了。。。

fail2ban-regex error.log /etc/fail2ban/filter.d/suhosin.conf /etc/fail2ban/filter.d/suhosin.conf

参考连接:https://github.com/fail2ban/fail2ban/issues/100

本文标签:

本文链接:https://www.sijitao.net/2822.html

欢迎您在本博客中留下评论,如需转载原创文章请注明出处,谢谢!

一键脚本 博客历程 留言联系 文章归档 网站地图 谷歌地图
Copyright © 2010-2024 章郎虫博客 All Rights Reserved.