Jerry's Chit-Chat Playground


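Improving Security with Nginx + fail2ban

While running Nginx as a web server, I found many connection attempts in error.log. fail2ban handles these crawlers, probing programs and the like fairly well.

1. Policy configuration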

# Install fail2ban
sudo apt-get install fail2ban

# Copy jail.conf to /etc/fail2ban/jail.local and edit it.

[nginx-noscript]

enabled = true
port = http,https
filter = nginx-noscript
logpath = /usr/local/nginx-1.8.0/logs/error.log
maxretry = 1
findtime = 60
bantime = 7200

# Create /etc/fail2ban/filter.d/nginx-noscript.conf

[Definition]

failregex = ^.*(.*\.php).*failed.*client: <HOST>,.*"$

ignoreregex =


# This filter blocks PHP script attacks.

# Restart fail2ban service
sudo service fail2ban restart

# fail2ban Logs
/var/log/fail2ban.log

# Debug filter
fail2ban-regex /usr/local/nginx-1.8.0/logs/error.log /etc/fail2ban/filter.d/nginx-noscript.conf

# List all rules in iptables
sudo iptables -L --line-numbers

# Remove a rule added by fail2ban; n is the rule number.
sudo iptables -D fail2ban-nginx-noscript n
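
An added example (not from the original post, and not fail2ban's own code) that models what the nginx-noscript jail does with its failregex, written with fail2ban's <HOST> tag, over constructed error.log lines. The IPv4-only HOST_GROUP, the helper names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex of the nginx-noscript filter; fail2ban expands <HOST> into a capture group.
FAILREGEX = r'^.*(.*\.php).*failed.*client: <HOST>,.*"$'
# Assumption: simplified IPv4-only stand-in for fail2ban's real <HOST> expansion.
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_GROUP))

def entry(ts, message, ip, uri):
    """Build one constructed line in nginx error.log layout."""
    return (f'{ts} [error] 1234#0: *1 {message}, client: {ip}, server: localhost, '
            f'request: "GET {uri} HTTP/1.1", host: "example.com"')

NOT_FOUND = 'open() "/usr/local/nginx-1.8.0/html{}" failed (2: No such file or directory)'
# Constructed sample log in chronological order; addresses are documentation ranges.
SAMPLE_LOG = [
    entry('2015/06/01 10:00:01', NOT_FOUND.format('/wp-login.php'), '203.0.113.7', '/wp-login.php'),
    entry('2015/06/01 10:00:05', NOT_FOUND.format('/favicon.ico'), '198.51.100.23', '/favicon.ico'),
    entry('2015/06/01 10:00:31', NOT_FOUND.format('/xmlrpc.php'), '203.0.113.7', '/xmlrpc.php'),
    # FastCGI error: no "failed" before "client:", so the filter does not match it.
    entry('2015/06/01 10:02:00', 'FastCGI sent in stderr: "Primary script unknown" while '
          'reading response header from upstream', '192.0.2.44', '/admin.php'),
    # A single request for a removed page, e.g. from a stale link.
    entry('2015/06/01 10:05:00', NOT_FOUND.format('/old-page.php'), '198.51.100.23', '/old-page.php'),
]

def find_failures(lines):
    """Return (timestamp, host) for every line the failregex matches."""
    matches = ((line, PATTERN.match(line)) for line in lines)
    return [(datetime.strptime(line[:19], '%Y/%m/%d %H:%M:%S'), m.group('host'))
            for line, m in matches if m]

def hosts_to_ban(lines, maxretry=1, findtime=60):
    """Hosts with at least maxretry matches inside any findtime-second window."""
    by_host = defaultdict(list)
    for ts, host in find_failures(lines):
        by_host[host].append(ts)
    # Timestamps are already sorted because the log is chronological.
    return {host for host, times in by_host.items()
            if any((times[i + maxretry - 1] - times[i]).total_seconds() <= findtime
                   for i in range(len(times) - maxretry + 1))}

if __name__ == '__main__':
    print(sorted(hosts_to_ban(SAMPLE_LOG)))              # jail settings from this page
    print(sorted(hosts_to_ban(SAMPLE_LOG, maxretry=2)))  # a less aggressive threshold
```

With maxretry = 1 as configured above, the one request for a missing old-page.php is enough to ban that client for the full bantime, while the FastCGI "Primary script unknown" line is never counted.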


2. Searching and analyzing the log

Because fail2ban rotates its logs periodically, finding an IP address means searching all of the log files; zgrep can do this:

        zgrep -c 210.213. /var/log/fail2ban.


3. Configuration file

     /etc/fail2ban/fail2ban.


4. Logrotate configuration: /etc/logrotate.d/fail2ban

/var/log/fail2ban.log {

    weekly
    rotate 4
    compress

    delaycompress
    missingok
    postrotate
        fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
    endscript

    # If fail2ban runs as non-root it still needs to have write access
    # to logfiles.
    # create 640 fail2ban adm
    create 640 root adm
}


5. Permanently Ban Repeat Offenders With Fail2Ban

