[CentOS-de] fail2ban und Webserverlog
Andreas Reschke
centos_ml at rirasoft.de
Sa Feb 4 13:49:37 EST 2012
Hallo zusammen,
ich habe alle meine Services (postfix, dovecot, sasl, usw) mit fail2ban
abgesichert, nur folgende "Fehler" bekomme ich nicht geregelt:
404 Not Found
//%0D/scripts/setup.php: 2 Time(s)
//3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s)
//81/phpmyadmin/scripts/setup.php: 1 Time(s)
//Admin/: 1 Time(s)
//Admin/scripts/setup.php: 1 Time(s)
//MyAdmin/: 1 Time(s)
//MyAdmin/scripts/setup.php: 1 Time(s)
//MySQLAdmin/scripts/setup.php: 1 Time(s)
//PHPMYADMIN/scripts/setup.php: 2 Time(s)
//PMA/: 1 Time(s)
//PMA/scripts/setup.php: 2 Time(s)
//PMA2/scripts/setup.php: 1 Time(s)
//PMA2009/scripts/setup.php: 2 Time(s)
//PMA3/scripts/setup.php: 2 Time(s)
//SQL/scripts/setup.php: 2 Time(s)
//SSLMySQLAdmin/scripts/setup.php: 1 Time(s)
//_PHPMYADMIN/scripts/setup.php: 2 Time(s)
//_admin/scripts/setup.php: 1 Time(s)
//_pHpMyAdMiN/scripts/setup.php: 2 Time(s)
//_phpMyAdmin/scripts/setup.php: 1 Time(s)
//_phpmyadmin/scripts/setup.php: 1 Time(s)
//admin/: 1 Time(s)
//admin/mysql/scripts/setup.php: 2 Time(s)
Folgenden Eintag habe ich in /etc/fail2ban/filter.d/apache.conf:
failregex = [[]client <HOST>[]] (File does not exist|script not found or
unable to stat): .*(\.php|\.asp|\.exe|\.pl)
Und die Überprüfung:
[root at web ~]# fail2ban-regex /var/log/httpd/error_log
/etc/fail2ban/filter.d/apache.conf
/usr/share/fail2ban/server/filter.py:430: DeprecationWarning: the md5
module is deprecated; use hashlib instead
import md5
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/apache.conf
Use log file : /var/log/httpd/error_log
Results
=======
Failregex
|- Regular expressions:
| [1] [[]client <HOST>[]] (File does not exist|script not found or
unable to stat): .*(\.php|\.asp|\.exe|\.pl)
|
`- Number of matches:
[1] 0 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Sorry, no match
Wie kann ich dochnoch solche Abfrageversuche mit fail2ban stoppen?
Gruß
Andreas