wok-6.x rev 13257

fail2ban: add filter.d/lighttpd-fastcgi.conf
author Pascal Bellard <pascal.bellard@slitaz.org>
date Fri Aug 17 12:21:42 2012 +0200 (2012-08-17)
parents 82b888228924
children 6be450c86868
files fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf
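--- a/fail2ban/receipt	Fri Aug 17 09:13:42 2012 +0200
+++ b/fail2ban/receipt	Fri Aug 17 12:21:42 2012 +0200
@@ -30,6 +30,14 @@
 	sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
 		-e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
 	cat >> $fs/etc/fail2ban/jail.conf <<EOT
+[lighttpd-fastcgi]
+
+enabled  = false
+port     = http,https
+filter   = lighttpd-fastcgi
+logpath  = /var/log/lighttpd/*error*.log
+maxretry = 2
+
 [ssh-ddos]
 
 enabled  = true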
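Review bot: The new `[lighttpd-fastcgi]` stanza has no `action` line, so whether a match bans anything depends on a default in the `[DEFAULT]` section of `jail.conf`, which this hunk does not show. The `sed` above toggles a jail named `ssh-iptables`, which suggests the shipped `jail.conf` defines its action per jail; if so, an administrator who sets `enabled = true` gets a jail that counts failures and blocks nothing. Consider adding an explicit line such as `action   = iptables-multiport[name=lighttpd-fastcgi, port="http,https", protocol=tcp]` and checking that `port` is actually read in this layout. The heredoc and the enclosing function continue outside the hunk.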
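--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf	Fri Aug 17 12:21:42 2012 +0200
@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match ALERTS as notified by lighttpd's FastCGI Module
+# Values:  TEXT
+#
+failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =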
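Review bot: The `failregex` is unanchored at both ends and has two unbounded `.*` runs, so it matches `attacker '<HOST>'` anywhere in a line. If these ALERT messages echo request data such as variable names or paths, text supplied by a client could influence which address is extracted, and with `maxretry = 2` a wrong ban takes little. Tying the pattern to the fixed tail of the message would narrow this, for example `failregex = ^.*ALERT - .* \(attacker '<HOST>', file '.*'(?:, line \d+)?\)$`. That tail format is assumed, not shown on this page, so confirm it against real log lines with `fail2ban-regex`. A sample log line in a comment above `failregex` would make the pattern reviewable, and the `\ ` and `\'` escapes appear unnecessary.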