Configuration files for fail2ban
commit
f6d427043a
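--- /dev/null
+++ b/filter.d/nginx-bad-request.conf
@@ -0,0 +1,16 @@
+# Fail2Ban filter to match bad requests to nginx
+#
+
+[Definition]
+
+# The request often doesn't contain a method, only some encoded garbage
+# This will also match requests that are entirely empty
+failregex = ^<HOST> - \S+ \[\] "[^"]*" 400
+
+datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
+^[^\[]*\[({DATE})
+{^LN-BEG}
+
+journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
+
+# Author: Jan Przybylak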
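Review bot: The two continuation lines of `datepattern` (`^[^\[]*\[({DATE})` and `{^LN-BEG}`) appear at column 0; fail2ban's config reader only joins a line onto the preceding value when it is indented, so if the committed file really lacks the indent those lines are read as keys with no value and the filter fails to load — indent both under `datepattern =` (the rendering may have dropped leading whitespace, so verify the committed file with `fail2ban-regex`). Apart from that this looks like a verbatim copy of the filter fail2ban itself ships as `filter.d/nginx-bad-request.conf`; a private copy no longer tracks upstream fixes, so a header comment recording which fail2ban version it was taken from, and why a copy is needed, would help. Note also that `failregex` bans on any 400, and nginx typically logs a plain-HTTP request to the TLS port (or TLS bytes sent to port 80) in exactly this shape, so with the jail's `maxretry = 3` a shared NAT egress can be banned for 2h by a few misconfigured clients; an `ignoreregex` for the `\x16\x03` TLS-handshake prefix, or a higher `maxretry` in the jail, would reduce that.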
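--- /dev/null
+++ b/filter.d/nginx-scan-params.conf
@@ -0,0 +1,7 @@
+[Definition]
+# IMPORTANTE: con nginx datepattern, el timestamp se representa como [] en los regex
+# Ejemplo interno esperado:
+# 200.55.173.164 - - [] "POST /aup/login.html?... HTTP/1.1" 200 20364 "-" "Mozilla/5.0"
+
+failregex = ^<HOST>\s+-\s+\S+\s+\[\]\s+"(?:GET|POST|HEAD|OPTIONS|PUT|DELETE|PATCH)\s+[^"]*\?[^"]*(?:allow_url_include|auto_prepend_file|php://input|EXEC|owasp\.org|/etc/passwd)[^"]*"\s+\d{3}\s+\d+\s+"[^"]*"\s+"[^"]*"
+ignoreregex =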
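Review bot: `failregex` matches its six tokens only literally, case-sensitively, and only after a `?`, so the encoded forms scanners actually send never fire — nginx writes the request line as received and fail2ban does not URL-decode it, so `%2Fetc%2Fpasswd`, `php%3A%2F%2Finput` and a path-only `GET /../../etc/passwd` with no query string all pass through. Admit the encoded variants in the alternation, e.g. `(?:/|%2[fF])etc(?:/|%2[fF])passwd` and `php(?::|%3[aA])(?:/|%2[fF]){2}input`, and consider dropping the mandatory `\?` so path-based probes are covered. `EXEC` as a bare uppercase substring is a weak signal either way, and since the jail that enables this filter uses `action_mwl`, every match — true or false — costs an e-mail. The comments are in Spanish while the other filter in this commit is in English; an English header that states what the filter is meant to catch and which log format it expects would help the next maintainer.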
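--- /dev/null
+++ b/jail.local
@@ -0,0 +1,91 @@
+[DEFAULT]
+bantime.increment = true
+bantime.rndtime = 30m
+bantime.maxtime = 60d
+bantime.factor = 2
+bantime.formula = ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)
+bantime.overalljails = true
+#banaction = iptables-multiport
+banaction =ufw
+action = %(action_)s
+#chain = input
+chain = INPUT
+
+maxretry = 3
+bantime = 3h
+findtime = 10m
+ignoreip = 127.0.0.1 173.212.248.254 217.160.175.146 38.242.192.137
+
+
+
+
+destemail = jgv1404@gmail.com danielhg1285@gmail.com
+sender = fail2ban@ctcon.appollo.cloud
+sendername = Fail2Ban Nginx Scanner Alert
+mta = sendmail
+
+[recidive]
+enabled = true
+bantime = 9w
+findtime = 3d
+backend = systemd
+
+[sshd]
+enabled = true
+port = 9022
+banaction = iptables-multiport
+logpath = /var/log/auth.log
+filter = sshd
+backend = systemd
+
+[nginx-botsearch]
+enabled = true
+filter = nginx-botsearch
+logpath = /var/log/nginx/access.log
+port = http,https
+maxretry = 6
+findtime = 120
+bantime = 1h
+backend = polling
+
+
+[nginx-limit-req]
+enabled = true
+filter = nginx-limit-req
+logpath = /var/log/nginx/error.log
+port = http,https
+maxretry = 5
+findtime = 60
+bantime = 30m
+backend = polling
+
+[nginx-bad-request]
+enabled = true
+filter = nginx-bad-request
+logpath = /var/log/nginx/access.log
+port = http,https
+maxretry = 3
+findtime = 300
+bantime = 2h
+backend = polling
+
+[nginx-http-auth]
+enabled = false
+filter = nginx-http-auth
+logpath = /var/log/nginx/error.log
+port = http,https
+maxretry = 5
+findtime = 600
+bantime = 1h
+backend = polling
+
+[nginx-scan-params]
+enabled = true
+filter = nginx-scan-params
+logpath = /var/log/nginx/access.log
+port = http,https
+maxretry = 2
+findtime = 120
+bantime = 6h
+backend = polling
+action = %(action_mwl)s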
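Review bot: `banaction =ufw` in `[DEFAULT]` is overridden to `iptables-multiport` in `[sshd]`, so two firewall front-ends manage bans on the same host; a `ufw reload` or `ufw disable` rewrites the iptables ruleset and can drop the `f2b-sshd` chain that iptables-multiport hooks into `INPUT`, leaving SSH attackers unbanned until fail2ban is restarted, so use one action for every jail (`chain = INPUT` is only used by the iptables actions, the ufw action ignores it). `[recidive]` and `[sshd]` set `backend = systemd`, which reads the journal and ignores `logpath`; for recidive that only yields matches if fail2ban itself logs to the journal or syslog rather than the default `/var/log/fail2ban.log`, so confirm with `fail2ban-client status recidive` after the first ban. `[nginx-scan-params]` combines `maxretry = 2` with `action_mwl`, which mails the raw matched log lines (attacker-chosen URLs and user agents) plus a whois lookup to two external mailboxes on every ban; on a public host that is a lot of mail and the quoted lines should be treated as untrusted content in the inbox. The file names are not shown on this page; this section was read as the jail.local / jail.d drop-in that the `filter =` names refer to.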