Difference between revisions of "Fail2ban"
(add status help) |
(documenting weirdness) |
||
Line 36: | Line 36: | ||
# Values: TEXT | # Values: TEXT | ||
# | # | ||
− | failregex = ^<HOST> -.* | + | failregex = ^<HOST> -.*�POST.* |
# Option: ignoreregex | # Option: ignoreregex | ||
# Notes.: regex to ignore. If this regex matches, the line is ignored. | # Notes.: regex to ignore. If this regex matches, the line is ignored. | ||
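Review bot: the new failregex on the + side carries an undecodable character (shown as �) immediately before POST. If that is a pasted curly quote it will never match an access-log line, so it should be a plain ASCII double quote. Separately, the `.*` before POST lets the pattern match the word POST anywhere in the line, for any URL, so the filter counts every POST request rather than a specific kind. Consider anchoring on the request field and on the wiki pages you mean to protect, and dropping the trailing `.*`, which adds nothing to the match.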
Line 62: | Line 62: | ||
fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status | fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status | ||
</source> | </source> | ||
+ | |||
+ | == Restarts == | ||
+ | If you change a jail, or otherwise want to restart fail2ban, you can try the SystemD service manager: <code>systemctl reload fail2ban</code>. But, strangely that reports an error on freephile (because it's already running) and a <code>systemctl status fail2ban</code> says that it's FAILED. Even <code>systemctl list-units</code> says it's failed. However, <code>ps axjf</code> shows it running and <code>/usr/bin/fail2ban-client ping</code> gets a 'pong' from the server. It looks like there are two installations (/usr/bin and /bin) but they both report the same thing (and the files are identical) | ||
[[Category:Security]] | [[Category:Security]] |
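Review bot: the new section is headed Restarts but the only command it gives is `systemctl reload fail2ban`, and the paragraph stops without telling the reader how to apply a jail change while the unit shows FAILED. Since the text already shows the server answering `/usr/bin/fail2ban-client ping`, add the client-side path (`fail2ban-client reload`) as the working option, and state whether the running daemon was started by systemd at all; "because it's already running" hints that it was not, which would explain the unit state. The final sentence is also missing its full stop.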
Latest revision as of 17:15, 22 August 2018
Blocking spammers from your wiki
If you have a public wiki that allows content creation for registered users and also allows registration without email confirmation and/or account approval, then you're going to get hit by spammers. This should be taken care of by tighter configuration in Meza, but for, say, testing open access, you can still prevent other users from spamming your wiki using Fail2ban:
- cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Then add this to your /etc/fail2ban/jail.local file:
#
# HTTP servers
#
# block spammers posting create-user and login on the wiki
[apache-post]
enabled = true
filter = apache-post
# the second action is a continuation line and must stay indented
action = iptables[name=httpd, port=8080, protocol=tcp]
         sendmail-whois[name=post_block, dest=you@example.com]
logpath = /var/log/httpd/access_log
findtime = 120
bantime = 183600
maxretry = 2
Make sure you create the filter that the above configuration invokes:
cat /etc/fail2ban/filter.d/apache-post.conf
# Fail2Ban configuration file
#
#
[Definition]
# Option: failregex
# Notes.: Regexp to catch known spambots and software alike. Please verify
# that it is your intent to block IPs which were driven by
# abovementioned bots.
# Values: TEXT
#
failregex = ^<HOST> -.*"POST.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
## Ignore our address
## You can leave this empty if you've added your address already in .local as a default
ignoreregex = 99\.999\.9\.99
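Added example (not part of the original wiki page): a Python sketch that runs the page's failregex, read with a plain double quote before POST, and a narrower variant over constructed access-log lines, using the jail's findtime = 120 and maxretry = 2. The `<HOST>` stand-in, the narrower pattern (which assumes MediaWiki's Special:CreateAccount and Special:UserLogin URLs) and the sample lines are assumptions made here; fail2ban's own matching is more general.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; the real
# tag also covers IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def compile_failregex(failregex):
    return re.compile(failregex.replace("<HOST>", HOST))

# The page's filter: any line with "POST after the client address.
PAGE_FILTER = compile_failregex(r'^<HOST> -.*"POST.*')
# Assumption: a narrower filter limited to account creation and login.
NARROW_FILTER = compile_failregex(
    r'^<HOST> \S+ \S+ \[[^\]]+\] "POST \S*Special:(?:CreateAccount|UserLogin)\S* HTTP')
TS = re.compile(r"\[([^\]]+)\]")

def banned_hosts(lines, regex, maxretry=2, findtime=120):
    """Return hosts that reach maxretry matches within findtime seconds."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = regex.search(line)
        if not m:
            continue
        when = datetime.strptime(TS.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        q = hits[m["host"]]
        q.append(when)
        while (when - q[0]).total_seconds() > findtime:
            q.popleft()  # forget matches older than the findtime window
        if len(q) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

# Constructed sample lines in Apache combined log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Aug/2018:17:00:01 +0000] "POST /index.php?title=Special:CreateAccount HTTP/1.1" 200 5120 "-" "bot"',
    '203.0.113.7 - - [22/Aug/2018:17:00:09 +0000] "POST /index.php?title=Special:CreateAccount HTTP/1.1" 200 5120 "-" "bot"',
    '198.51.100.20 - - [22/Aug/2018:17:01:00 +0000] "POST /index.php?title=Fail2ban&action=submit HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.20 - - [22/Aug/2018:17:02:30 +0000] "POST /index.php?title=Fail2ban&action=submit HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.0.2.5 - - [22/Aug/2018:17:03:00 +0000] "GET /index.php?title=Main_Page HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("page filter bans:  ", banned_hosts(SAMPLE_LOG, PAGE_FILTER))
    print("narrow filter bans:", banned_hosts(SAMPLE_LOG, NARROW_FILTER))
```

With the page's filter, the editor who saves a page twice within two minutes is banned along with the signup bot. To check the real filter against the real log, run `fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-post.conf`.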
More
tl;dr:
- add a bunch of 'enabled = true' after the filters you want
- add port 8080 to any apache rules, since Meza is listening on 8080
:%s/https/https,8080/
- restart the service
service fail2ban restart
Test
sudo fail2ban-client status
sudo fail2ban-client status apache-post
Status
If you have many jails, and want to see the status of each of them, there is no built-in --all option for fail2ban-client status, but you can just use a simple short script:
fail2ban-client status | sed -n 's/,//g;s/.*Jail list://p' | xargs -n1 fail2ban-client status
Restarts
If you change a jail, or otherwise want to restart fail2ban, you can try the systemd service manager: systemctl reload fail2ban. But, strangely, that reports an error on freephile (because it's already running) and a systemctl status fail2ban says that it's FAILED. Even systemctl list-units says it's failed. However, ps axjf shows it running and /usr/bin/fail2ban-client ping gets a 'pong' from the server. It looks like there are two installations (/usr/bin and /bin) but they both report the same thing (and the files are identical).