Difference between revisions of "Fail2ban"

From Freephile Wiki
(documenting weirdness)
(Created page with "== Blocking spammers from your wiki == If you have a public wiki that allows content creation for registered users and also registration without email confirmation and/or acc...")
(2 intermediate revisions by the same user not shown)
Line 36: Line 36:
 
# Values: TEXT
 
# Values: TEXT
 
#
 
#
failregex = ^<HOST> -.*�POST.*
+
failregex = ^<HOST> -.*.*
 
# Option: ignoreregex
 
# Option: ignoreregex
 
# Notes.: regex to ignore. If this regex matches, the line is ignored.
 
# Notes.: regex to ignore. If this regex matches, the line is ignored.
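Review bot: The failregex on the line marked + reads <code>^<HOST> -.*.*</code>, which has no POST in it, so it matches every access-log line that starts with a host followed by " -" and any request at all counts toward a ban. The doubled <code>.*.*</code> is redundant as well. Keep the method in the pattern, preferably tied to the quoted request field so that a URL or referrer that merely contains the word POST does not match. The other copy of the line shows an unreadable character in front of POST; check it against the filter file on disk before relying on it.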
Line 44: Line 44:
 
ignoreregex = 99\.999\.9\.99
 
ignoreregex = 99\.999\.9\.99
 
</source>
 
</source>
 
== More ==
 
tldr;
 
# add a bunch of '<code>enabled  = true</code>' after the filters you want
 
# add port 8080 to any apache rules since Meza is listening on 8080 <code>:%s/https/https,8080/</code>
 
# restart the service <code>service restart fail2ban</code>
 
 
See https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04
 
 
== Test ==
 
sudo fail2ban-client status
 
sudo fail2ban-client status apache-post
 
 
== Status ==
 
If you have many jails, and want to see the status of each of them, there is no built-in <code>--all</code> option for '''<code>fail2ban-client status</code>''' but you can just use a simple short script:
 
<source lang="bash">
 
fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status
 
</source>
 
 
== Restarts ==
 
If you change a jail, or otherwise want to restart fail2ban, you can try the SystemD service manager: <code>systemctl reload fail2ban</code>. But, strangely that reports an error on freephile (because it's already running) and a <code>systemctl status fail2ban</code> says that it's FAILED.  Even <code>systemctl list-units</code> says it's failed. However, <code>ps axjf</code> shows it running and <code>/usr/bin/fail2ban-client ping</code> gets a 'pong' from the server. It looks like there are two installations (/usr/bin and /bin) but they both report the same thing (and the files are identical)
 
  
 
[[Category:Security]]
 
[[Category:Security]]
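Review bot: The restart step in the "More" list, <code>service restart fail2ban</code>, has its arguments reversed; <code>service</code> takes the service name first, so this should read <code>service fail2ban restart</code>. In the same list, <code>:%s/https/https,8080/</code> is a file-wide vim substitution that rewrites the first "https" on every line, including comments and URLs, not only the port settings of the Apache jails; say which file it is run in and narrow the pattern to the port lines. The "Restarts" paragraph documents a unit that systemd reports as FAILED while the server answers a ping; it would help to record how the running process was started, since the text leaves that open.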
Line 70: Line 49:
 
[[Category:Firewall]]
 
[[Category:Firewall]]
 
[[Category:SSH]]
 
[[Category:SSH]]
[[Category:QualityBox]]
 

Revision as of 16:39, 27 October 2017