From: Dmitriy Kruglikov <dmitriy.kruglikov@gmail.com> To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org> Subject: [Sysadmins] Fail2ban не ловит мышей. Date: Thu, 20 Sep 2012 11:24:09 +0300 Message-ID: <CAC4WpAwzGDoZym1P6g7xnyFYWyjgU-wbKufAQbksJ3SqbTpWag@mail.gmail.com> (raw) Доброго времени суток, уважаемые. Столкнулся с проблемкой. Есть fail2ban, есть лог, есть правило... [lighttpd-bot] enabled = true filter = lighttpd-404 logpath = /var/lib/vz/root/220/var/log/lighttpd/access.log action = iptables-allports[name=LigHTTPd] sendmail[name=LigHTTPd, dest=monit_alert@turbosms.ua, sender=fail2ban_on_colocation@turbosms.ua] bantime = 3600 findtime = 60 maxretry = 5 В lighttpd-404 прописано failregex = ^<HOST> -.*"(GET|POST).* HTTP\/.*" .* 404 .*$ fail2ban-regex /var/lib/vz/root/220/var/log/lighttpd/access.log /etc/fail2ban/filter.d/lighttpd-404.conf среди прочего сообщает о том, что Success, the total number of match is 176 Например 174.143.169.191 (Wed Sep 19 14:01:31 2012) 174.143.169.191 (Wed Sep 19 14:01:31 2012) 174.143.169.191 (Wed Sep 19 14:01:31 2012) 174.143.169.191 (Wed Sep 19 14:01:32 2012) 174.143.169.191 (Wed Sep 19 14:01:32 2012) 174.143.169.191 (Wed Sep 19 14:01:32 2012) за минуту 6 обращений, соответствующих правилу, но факта блокировки нет. Пробовал как backend = polling, так и backend = gamin Вопос: Где я протупил, почему не работает блокировка? P.S. fail2ban-0.8.4-alt4.1.1 -- Best regards, Dmitriy Kruglikov.
next reply other threads:[~2012-09-20 8:24 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-09-20 8:24 Dmitriy Kruglikov [this message] 2012-09-20 9:39 ` Anton Kvashin 2012-09-20 10:08 ` Dmitriy Kruglikov 2012-09-20 10:30 ` Anton Kvashin 2012-09-21 6:02 ` Dmitriy Kruglikov 2012-09-26 11:43 ` Денис Смирнов 2012-09-26 11:46 ` Dmitriy Kruglikov 2012-09-29 18:44 ` Евгений Терешков 2012-09-30 8:59 ` Dmitriy Kruglikov 2012-09-30 9:33 ` Денис Смирнов 2012-09-30 10:24 ` Евгений Терешков 2012-09-30 10:54 ` Dmitriy Kruglikov 2012-09-30 9:34 ` Денис Смирнов 2012-09-30 10:56 ` Евгений Терешков
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CAC4WpAwzGDoZym1P6g7xnyFYWyjgU-wbKufAQbksJ3SqbTpWag@mail.gmail.com \ --to=dmitriy.kruglikov@gmail.com \ --cc=sysadmins@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux sysadmins discussion This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \ sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com public-inbox-index sysadmins Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sysadmins AGPL code for this site: git clone https://public-inbox.org/public-inbox.git