我試圖爲fail2ban創建一個自己的過濾器來檢測嘗試失敗的HTTP身份驗證。它在使用fail2ban-regex進行測試時運行,但不在運行環境中運行。Fail2ban監獄不檢測失敗(並且不禁止)
/etc/fail2ban/jail.local
...
[DEFAULT]
bantime = 600
...
[nginx-user-auth]
enabled = true
filter = nginx-user-auth
port = http,https
logpath = /var/log/nginx/error.log
backend = polling
maxretry = 6
...
/etc/fail2ban/filter.d/nginx-user-auth.conf
[Definition]
failregex = user .*? password mismatch, client: <HOST>
user .*? was not found in .*?, client: <HOST>
ignoreregex =
當測試:
[email protected]:~# fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-user-auth.conf
...
Success, the total number of match is 54
...
它也顯示我正確的IP和日期/時間。
但監獄沒有檢測到單一的失敗的登錄嘗試:
[email protected]:~# fail2ban-client status nginx-user-auth
Status for the jail: nginx-user-auth
|- filter
| |- File list: /var/log/nginx/error.log
| |- Currently failed: 0
| `- Total failed: 0
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
其他監獄的工作完美。我完全不知道我犯了什麼錯誤。
在此先感謝!