From: Dmitriy Kruglikov <dmitriy.kruglikov@gmail.com>
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] Fail2ban не ловит мышей.
Date: Thu, 20 Sep 2012 11:24:09 +0300
Message-ID: <CAC4WpAwzGDoZym1P6g7xnyFYWyjgU-wbKufAQbksJ3SqbTpWag@mail.gmail.com> (raw)
Доброго времени суток, уважаемые.
Столкнулся с проблемкой.
Есть fail2ban, есть лог, есть правило...
[lighttpd-bot]
enabled = true
filter = lighttpd-404
logpath = /var/lib/vz/root/220/var/log/lighttpd/access.log
action = iptables-allports[name=LigHTTPd]
sendmail[name=LigHTTPd, dest=monit_alert@turbosms.ua,
sender=fail2ban_on_colocation@turbosms.ua]
bantime = 3600
findtime = 60
maxretry = 5
В lighttpd-404 прописано
failregex = ^<HOST> -.*"(GET|POST).* HTTP\/.*" .* 404 .*$
fail2ban-regex /var/lib/vz/root/220/var/log/lighttpd/access.log
/etc/fail2ban/filter.d/lighttpd-404.conf
среди прочего сообщает о том, что Success, the total number of match is 176
Например
174.143.169.191 (Wed Sep 19 14:01:31 2012)
174.143.169.191 (Wed Sep 19 14:01:31 2012)
174.143.169.191 (Wed Sep 19 14:01:31 2012)
174.143.169.191 (Wed Sep 19 14:01:32 2012)
174.143.169.191 (Wed Sep 19 14:01:32 2012)
174.143.169.191 (Wed Sep 19 14:01:32 2012)
за минуту 6 обращений, соответствующих правилу, но факта блокировки нет.
Пробовал как backend = polling, так и backend = gamin
Вопос: Где я протупил, почему не работает блокировка?
P.S.
fail2ban-0.8.4-alt4.1.1
--
Best regards,
Dmitriy Kruglikov.
next reply other threads:[~2012-09-20 8:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-20 8:24 Dmitriy Kruglikov [this message]
2012-09-20 9:39 ` Anton Kvashin
2012-09-20 10:08 ` Dmitriy Kruglikov
2012-09-20 10:30 ` Anton Kvashin
2012-09-21 6:02 ` Dmitriy Kruglikov
2012-09-26 11:43 ` Денис Смирнов
2012-09-26 11:46 ` Dmitriy Kruglikov
2012-09-29 18:44 ` Евгений Терешков
2012-09-30 8:59 ` Dmitriy Kruglikov
2012-09-30 9:33 ` Денис Смирнов
2012-09-30 10:24 ` Евгений Терешков
2012-09-30 10:54 ` Dmitriy Kruglikov
2012-09-30 9:34 ` Денис Смирнов
2012-09-30 10:56 ` Евгений Терешков
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAC4WpAwzGDoZym1P6g7xnyFYWyjgU-wbKufAQbksJ3SqbTpWag@mail.gmail.com \
--to=dmitriy.kruglikov@gmail.com \
--cc=sysadmins@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux sysadmins discussion
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
public-inbox-index sysadmins
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sysadmins
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git