Fail2Ban Custom¶

Eigene Regeln und Konfiguration.

Custom Filter erstellen¶

sudo nano /etc/fail2ban/filter.d/wordpress.conf

[Definition]
failregex = ^<HOST> .*POST.*wp-login.php.* 200
ignoreregex =

sudo nano /etc/fail2ban/jail.d/wordpress.conf

[wordpress]
enabled = true
filter = wordpress
logpath = /var/log/nginx/access.log
port = http,https
maxretry = 3
bantime = 3600

Custom Actions¶

Email mit Details¶

sudo nano /etc/fail2ban/action.d/mail-whois-custom.conf

[Definition]
actionstart = 
actionstop = 
actioncheck = 
actionban = printf %%b "Subject: Fail2Ban banned <IP>
From: <sender>
To: <dest>\n
The IP <IP> has been banned by Fail2Ban.\n\n
Service: <name>\n
Ban time: <bantime>\n
\n
Info about <IP>:\n
`whois <IP>`\n" | /usr/sbin/sendmail -f <sender> <dest>
actionunban =

Advanced Jails¶

Bruteforce Protection¶

[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log
action = iptables-allports[name=recidive]
bantime = 86400
findtime = 86400
maxretry = 5

Bot Protection¶

[nginx-badbots]
enabled = true
filter = nginx-badbots
logpath = /var/log/nginx/access.log
bantime = 86400
maxretry = 1

Service neu laden¶

sudo fail2ban-client reload

Test¶

sudo fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/wordpress.conf

Zurück zur Sicherheits-Übersicht

Fail2Ban Custom¶

Custom Filter erstellen¶

WordPress Login Filter¶

WordPress Login Jail¶

Custom Actions¶

Email mit Details¶

Advanced Jails¶

Bruteforce Protection¶

Bot Protection¶

Service neu laden¶

Test¶