Fail2ban: differences between revisions

No edit summary
Riga 99: Riga 99:
</pre>
</pre>


=== Apache mod_security ===
=== Apache ===
Se avete configurato il modulo di sicurezza di Apache ''mod_security'' potreste voler attivare un filtro anche per lui.<br/>
Aggiungere in <code>/etc/fail2ban/jail.d/jail.local i seguenti filtri:
Create il file di configurazione <code> /etc/fail2ban/filter.d/mod_sec.conf</code>
<pre>
<pre>
# Fail2Ban configuration file for mod_security
##To block failed login attempts use the below jail.
 
[apache]
[Definition]
enabled  = true
 
port    = http,https
failregex = \[.*?\]\s[\w-]*\s<HOST>\s
filter  = apache-auth
 
logpath  = /var/log/apache2/*error.log
ignoreregex =
maxretry = 3
</pre>
bantime = 600
Aggiungete questa sezione al file <code>/etc/fail2ban/jail.conf</code>:
<pre>
##To block the remote host that is trying to request suspicious URLs, use the below jail.
[mod_sec]
[apache-overflows]
 
enabled  = true
port    = http,https
filter  = apache-overflows
logpath  = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
##To block the remote host that is trying to search for scripts on the website to execute, use the below jail.
[apache-noscript]
enabled  = true
port    = http,https
filter  = apache-noscript
logpath  = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
##To block the remote host that is trying to request malicious bot, use below jail.
[apache-badbots]
enabled  = true
enabled  = true
filter  = mod_sec
port     = http,https
action  = iptables-multiport[name=ModSec, port="http,https"]
filter  = apache-badbots
simple-log[name=modsec]
logpath  = /var/log/apache2/*error.log
logpath  = /var/log/httpd/modsec_audit.log
maxretry = 3
maxretry = 3
bantime = 600
##To stop DOS attack from remote host.
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath  = /var/log/apache*/access.log
maxretry = 400
findtime = 400
bantime = 600
action = iptables[name=HTTP, port=http, protocol=tcp]
</pre>
</pre>
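Review bot: In the new [http-get-dos] jail, "filter = http-get-dos" names a filter that nothing in this change defines, while the only filter-creation step on the page (the /etc/fail2ban/filter.d/mod_sec.conf block) is being removed. Unless that filter is defined elsewhere on the page, add a step that creates /etc/fail2ban/filter.d/http-get-dos.conf with its failregex, otherwise the jail cannot be loaded. The same jail declares "port = http,https" but its "action = iptables[name=HTTP, port=http, protocol=tcp]" bans only port http, so a banned host can still reach the site over https. The iptables-multiport form with port="http,https" used by the removed [mod_sec] jail would cover both. "maxretry = 400" with "findtime = 400" works out to one request per second on average, which a page with many assets or several clients behind one NAT address can exceed, so the text should tell readers to tune it to their traffic. The new intro line opens a code tag before /etc/fail2ban/jail.d/jail.local and never closes it, and it calls the sections "filtri" although they are jails. If dropping the mod_security jail and its filter is intentional, that belongs in the edit summary, which is empty.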