fail2ban过滤器有点问题,出于某种原因,它在10分钟后解除了连接,尽管我将禁令长度设置为一年。你能帮助一个兄弟吗?
过滤器的jail.local声明:
[nginx-proxy]
enabled = true
#port = http,https
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /etc/nginx/logs/*access*.log
bantime = 31536000 # 1 year
maxretry = 0
[nginx-shellshock]
enabled = true
#port = http,https
action = iptables-multiport[name=ShellShock, port="http,https"]
filter = nginx-shellshock
logpath = /etc/nginx/logs/*access*.log
bantime = 31536000 # 1 year
maxretry = 0
nginx-proxy.conf
[Definition]
failregex = ^<HOST> .* "GET http.*
ignoreregex =
nginx-shellshock.conf
[Definition]
failregex = ^<HOST>.*(s*)s*{[^"]*}s*;[^"]+.*
ignoreregex =
这是我的fail2ban.log文件
2015-10-27 06:21:48,953 fail2ban.jail [8319]: INFO Jail 'nginx-auth' started
2015-10-27 06:21:48,981 fail2ban.jail [8319]: INFO Jail 'nginx-badbots' started
2015-10-27 06:21:49,022 fail2ban.jail [8319]: INFO Jail 'nginx-proxy' started
2015-10-27 06:21:49,062 fail2ban.jail [8319]: INFO Jail 'nginx-shellshock' started
2015-10-27 13:17:40,737 fail2ban.filter [8319]: INFO [nginx-shellshock] Found 108.171.178.73
2015-10-27 13:17:41,667 fail2ban.actions [8319]: NOTICE [nginx-shellshock] Ban 108.171.178.73
2015-10-27 13:17:41,747 fail2ban.filter [8319]: INFO [nginx-shellshock] Found 108.171.178.73
2015-10-27 13:17:41,747 fail2ban.filter [8319]: INFO [nginx-shellshock] Found 108.171.178.73
2015-10-27 13:17:41,880 fail2ban.actions [8319]: NOTICE [nginx-shellshock] 108.171.178.73 already banned
2015-10-27 13:27:42,572 fail2ban.actions [8319]: NOTICE [nginx-shellshock] Unban 108.171.178.73
在故障2服务重启时,我还收到一个关于shellshock bantime设置为none:的错误
2015-10-28 00:29:31,351 fail2ban.transmitter [11600]: WARNING Command ['set', 'nginx-shellshock', 'bantime', 'None'] has failed. Received ValueError("invalid literal for int() with base 10: 'None'",)
非常感谢您的帮助,谢谢。
整个问题都是围绕着我使用注释标签来解决的,显然在fail2ban配置中,注释了整行。将散列标记更改为分号,或者将其放在另一行。