Fail2ban監獄不檢測失敗（並且不禁止）

Question

我試圖爲fail2ban創建一個自己的過濾器來檢測嘗試失敗的HTTP身份驗證。它在使用fail2ban-regex進行測試時運行，但不在運行環境中運行。

/etc/fail2ban/jail.local

... 
[DEFAULT] 
bantime = 600 
... 
[nginx-user-auth] 
enabled = true 
filter = nginx-user-auth 
port = http,https 
logpath = /var/log/nginx/error.log 
backend = polling 
maxretry = 6 
... 

/etc/fail2ban/filter.d/nginx-user-auth.conf

[Definition] 
failregex = user .*? password mismatch, client: <HOST> 
     user .*? was not found in .*?, client: <HOST> 
ignoreregex = 

當測試：

root@debian:~# fail2ban-regex /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-user-auth.conf 
... 
Success, the total number of match is 54 
... 

它也顯示我正確的IP和日期/時間。

但監獄沒有檢測到單一的失敗的登錄嘗試：

root@debian:~# fail2ban-client status nginx-user-auth 
Status for the jail: nginx-user-auth 
|- filter 
| |- File list:  /var/log/nginx/error.log 
| |- Currently failed: 0 
| `- Total failed:  0 
`- action 
    |- Currently banned: 0 
    | `- IP list: 
    `- Total banned:  0 

其他監獄的工作完美。我完全不知道我犯了什麼錯誤。

在此先感謝！

Answer 1

來到您的示例，我從中啓發並使用了我的配置，它正在工作。
在第一個正則表達式中，在用戶。*？之後注意「：」，併爲其他正則表達式添加第二個「failregex」後綴。

/etc/fail2ban/filter.d/nginx-auth.conf
failregex = user .*?: password mismatch, client: <HOST>
failregex = user .*? was not found in .*?, client: <HOST>

Status for the jail: nginx-auth
|- filter
| |- File list: /var/log/nginx/error.log
| |- Currently failed: 0
| `- Total failed: 6
`- action
|- Currently banned: 1
| `- IP list: x.x.x.x
`- Total banned: 1

Answer 2

這可能是由於發生在的的fail2ban您所安裝的版本中的錯誤。我與我的Ubuntu版本（0.8.4）分發的fail2ban版本有完全相同的問題。從源代碼安裝fail2ban 0.8.10後，我的nginx過濾器開始工作。

在fail2ban Github頁面上有幾處提到此問題的問題（它們現在已關閉並修復）。