Thread Perl und Fail2Ban (15 answers)
Opened by Gast at 2021-07-20 13:34

GwenDragon
 2021-07-20 15:42
#193435 #193435
User since
2005-01-17
14077 articles
Admin1
[Homepage]
user image
Meine Idee (ungetestet) ist so:

1. IP in eine Logdatei badip.log schreiben
Block 54.174.123.144

2. in Fail2ban einen Filter hinzufügen

Filter blockip.conf
Code: (dl )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Fail2Ban filter for block of IPs

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#

# log file:
# Block 54.174.123.144
#
failregex = Block.*<HOST>

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#

ignoreregex =


3. Jail benutzen, die sofort und dauerhaft sperrt.

Abschnitt in jail.local (Anpassung nötig!):
Code: (dl )
1
2
3
4
5
6
7
[blockip]
maxretry = 1
bantime = -1
enabled = true
filter = blockip
action = iptables-multiport[name=blockip, port="http,https"]
logpath = /var/www/vhosts/example.com/logs/badip.log

Last edited: 2021-07-20 16:59:00 +0200 (CEST)
die Drachin, Gwendolyn


Unterschiedliche Perl-Versionen auf Windows (fast wie perlbrew) • Meine Perl-Artikel

View full thread Perl und Fail2Ban