wok-6.x rev 13257
fail2ban: add filter.d/lighttpd-fastcgi.conf
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Fri Aug 17 12:21:42 2012 +0200 (2012-08-17) |
parents | 82b888228924 |
children | 6be450c86868 |
files | fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf |
line diff
1.1 --- a/fail2ban/receipt Fri Aug 17 09:13:42 2012 +0200 1.2 +++ b/fail2ban/receipt Fri Aug 17 12:21:42 2012 +0200 1.3 @@ -30,6 +30,14 @@ 1.4 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \ 1.5 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf 1.6 cat >> $fs/etc/fail2ban/jail.conf <<EOT 1.7 +[lighttpd-fastcgi] 1.8 + 1.9 +enabled = false 1.10 +port = http,https 1.11 +filter = lighttpd-fastcgi 1.12 +logpath = /var/log/lighttpd/*error*.log 1.13 +maxretry = 2 1.14 + 1.15 [ssh-ddos] 1.16 1.17 enabled = true
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/fail2ban/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf Fri Aug 17 12:21:42 2012 +0200 2.3 @@ -0,0 +1,18 @@ 2.4 +# Fail2Ban configuration file 2.5 +# 2.6 +# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> 2.7 +# 2.8 + 2.9 +[Definition] 2.10 + 2.11 +# Option: failregex 2.12 +# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module 2.13 +# Values: TEXT 2.14 +# 2.15 +failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\' 2.16 + 2.17 +# Option: ignoreregex 2.18 +# Notes.: regex to ignore. If this regex matches, the line is ignored. 2.19 +# Values: TEXT 2.20 +# 2.21 +ignoreregex =