今日、ubuntu サーバーに fail2ban をインストールしました。この後、githunb の fail2ban で取得した次の .conf を追加する必要がありました: /etc/config/filter.d/lighttpd.conf
# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module
#
[Definition]
failregex = ^: \(http_auth\.c\.\d+\) (password doesn\'t match .* username: .*|digest: auth failed for .*: wrong password|get_password failed), IP: <HOST>\s*$
ignoreregex =
# Author: Francois Boulogne <fboulogne@april.org>
この後、Jail.conf に次の行を追加しました。
[lighttpd-auth]
enabled = false
filter = lighttpd-auth
action = iptables[name=lighttpd-auth, port="http,https"]
# adapt the following two items as needed
logpath = /var/log/lighttpd/error.log
maxretry = 2
そして今、私は次の問題を抱えています.fail2banは間違ったログインを見つけることができますが、攻撃者のIPを禁止することはできません-.-ここに私のfile2ban.logからの行があります
2013-11-05 18:23:24,710 fail2ban.actions.action: ERROR iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,747 fail2ban.actions: WARNING [lighttpd-auth] Ban 9.999.999.99
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2013-11-05 18:23:59,756 fail2ban.actions.action: ERROR iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,758 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,758 fail2ban.actions.action: CRITICAL Unable to restore environment
2013-11-05 18:24:01,760 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:02,762 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:04,764 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
誰でも私を助けることができますか?