Shaun Reed e0ac2fbeac | ||
---|---|---|
.. | ||
README.md | ||
jail.local | ||
nginx-nohome.conf | ||
nginx-noproxy.conf | ||
nginx-noscript.conf |
README.md
####Fail2ban
Be sure to configure mail notifications if you plan to use them. Found in jail.local -
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = user@gmail.com
# Sender email address used solely for some actions
sender = admin@hostname
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = mail
# Default protocol
protocol = tcp
Default fail2ban action set to action = %(action_mwl)s
These configurations can be used to activate the below jails within fail2ban -
[nginx-noproxy]
enabled = true
port = http,https
filter = nginx-noproxy
logpath = /var/log/nginx/access.log
maxretry = 2
[nginx-nohome]
enabled = true
port = http,https
filter = nginx-nohome
logpath = /var/log/nginx/access.log
maxretry = 2
[nginx-badbots]
enabled = true
port = http,https
filter = nginx-badbots
logpath = /var/log/nginx/access.log
maxretry = 2
[nginx-noscript]
enabled = true
port = http,https
filter = nginx-noscript
logpath = /var/log/nginx/access.log
maxretry = 6
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
ignoreregex = details.
#mode = normal
enabled = true
port = 22
logpath = %(sshd_log)s
backend = %(sshd_backend)s
The following filters are also included, which are required to exist within the /etc/fail2ban/filter.d/
directory. All other jails within this configuration are provided with the default installation of fail2ban on Ubuntu.
# /etc/fail2ban/filter.d/nginx-noscript.conf
[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
ignoreregex =
# /etc/fail2ban/filter.d/nginx-nohome.conf
[Definition]
failregex = ^<HOST> -.*GET .*/~.*
ignoreregex =
# /etc/fail2ban/filter.d/nginx-noproxy.conf
[Definition]
failregex = ^<HOST> -.*GET http.*
ignoreregex =
To use these configurations, nginx must be running on the host. Run the commands below to apply them.
git clone https://github.com/shaunrd0/klips;
sudo cp klips/configs/fail2ban/jail.local /etc/fail2ban/jail.local;
sudo cp klips/configs/fail2ban/nginx* /etc/fail2ban/filter.d/;
sudo systemctl restart fail2ban;
sudo fail2ban-client status;