Fail2ban - stop DOS attack from remote host - won't start

Solved

##To stop DOS attack from remote host.

[http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

OS: Ubuntu Server 20.10

HTTP server: Apache

When I add the rule (to stop DOS attacks from a remote host) to jail.conf, fail2ban stops working. I got this configuration from a few tutorials, but they were for Ubuntu 16 and 18.

enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

/etc/fail2ban/filter.d

http-get-dos.conf

# Fail2Ban configuration file 
[Definition]
failregex = ^<HOST> -.*"(GET|POST).* 
ignoreregex =

sudo systemctl status fail2ban

● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2021-01-07 09:05:29 UTC; 1h 23min ago
       Docs: man:fail2ban(1)
    Process: 82878 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 82879 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 82879 (code=exited, status=255/EXCEPTION)

Jan 07 09:05:29 urial systemd[1]: Starting Fail2Ban Service...
Jan 07 09:05:29 urial systemd[1]: Started Fail2Ban Service.
Jan 07 09:05:29 urial fail2ban-server[82879]: 2021-01-07 09:05:29,370 fail2ban                [82879]: ERROR   Failed during configuration: While reading from '/etc/fail2ban/jail.local' [l>
Jan 07 09:05:29 urial fail2ban-server[82879]: 2021-01-07 09:05:29,372 fail2ban                [82879]: ERROR   Async configuration of server failed
Jan 07 09:05:29 urial systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Jan 07 09:05:29 urial systemd[1]: fail2ban.service: Failed with result 'exit-code'.

wlodek@urial:/etc/fail2ban$ cat jail.local
 ##To block failed login attempts use the below jail. 
[sshd]
enable = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretray = 3
findtime = 300
bandtime = 86400
ignoreip = 127.0.0.1  

##To block failed login attempts use the below jail. 
[apache] 
enabled = true 
port = http,https 
filter = apache-auth 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to request suspicious URLs, use the below jail. 
[apache-overflows] 
enabled = true 
port = http,https 
filter = apache-overflows 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to search for scripts on the website to execute, use the below jail. 
[apache-noscript] 
enabled = true 
port = http,https 
filter = apache-noscript 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to request malicious bot, use below jail. 
[apache-badbots] 
enabled = true 
port = http,https 
filter = apache-badbots 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To stop DOS attack from remote host. [http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

Answer 1

In the jail.local file, the jail section heading is on the same line as the comment:

##To stop DOS attack from remote host. [http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

That means the section heading is ignored. It needs to be on its own line, like this:

##To stop DOS attack from remote host.
[http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]
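As an added example (not part of the question or the answer above), the following Python check reproduces the failure the way fail2ban sees it and lets you catch it before restarting the service. fail2ban reads jail.local with Python's configparser in strict mode, so when the `[http-get-dos]` header is swallowed by the comment line, its `enabled`, `port`, `filter`, ... keys land in the preceding `[apache-badbots]` section as duplicate options and parsing aborts with a DuplicateOptionError, whose message begins with the same "While reading from 'jail.local'" prefix visible in the systemctl output in the question. The sample config text is constructed here from the jails posted in the question; `KNOWN_OPTIONS` is a partial whitelist that I assume is sufficient for this check, and it also flags the misspelled keys in the question's `[sshd]` jail (`enable`, `maxretray`, `bandtime`), which are not the option names fail2ban reads (`enabled`, `maxretry`, `bantime`).

```python
"""Added example: check a fail2ban jail.local for the problems visible in the question,
the way fail2ban's own configparser-based reader would see them."""
import configparser
import re

# Constructed sample (not the page's file): the [apache-badbots] jail followed by the
# broken [http-get-dos] jail exactly as posted, with its header on the comment line.
BROKEN = """\
##To block the remote host that is trying to request malicious bot, use below jail.
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
ignoreip = 127.0.0.1

##To stop DOS attack from remote host. [http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache*/access.log
maxretry = 400
findtime = 400
bantime = 200
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]
"""

# The same text with the header moved to its own line, as the answer says.
FIXED = BROKEN.replace("##To stop DOS attack from remote host. [http-get-dos]",
                       "##To stop DOS attack from remote host.\n[http-get-dos]")

# Constructed from the [sshd] jail as posted in the question; three keys are misspelled.
SSHD_FROM_QUESTION = """\
[sshd]
enable = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretray = 3
findtime = 300
bandtime = 86400
ignoreip = 127.0.0.1
"""

# configparser treats a line whose first non-blank character is '#' as a comment, so a
# "[section]" anywhere on such a line is never seen as a section header.
HEADER_IN_COMMENT = re.compile(r"^\s*#.*\[([A-Za-z0-9_.-]+)\]")

# Partial whitelist of jail option names fail2ban reads (assumption: enough for this check).
KNOWN_OPTIONS = {"enabled", "port", "protocol", "filter", "logpath", "backend", "maxretry",
                 "findtime", "bantime", "ignoreip", "action", "banaction", "usedns"}


def headers_in_comments(text):
    """Return (line_no, section_name) for every section header hidden on a comment line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = HEADER_IN_COMMENT.match(line)
        if m:
            hits.append((no, m.group(1)))
    return hits


def parse_like_fail2ban(text):
    """Parse with a strict ConfigParser, as fail2ban does.
    Returns (section_names, None) on success or ([], error_message) on failure."""
    cp = configparser.ConfigParser(strict=True, interpolation=None)
    try:
        cp.read_string(text, source="jail.local")
    except configparser.Error as exc:  # DuplicateOptionError for the broken file
        return [], str(exc)
    return cp.sections(), None


def unknown_options(text):
    """Map section -> sorted option names that are not ones fail2ban reads."""
    cp = configparser.ConfigParser(strict=True, interpolation=None)
    cp.read_string(text, source="jail.local")
    return {sec: sorted(k for k in cp[sec] if k not in KNOWN_OPTIONS)
            for sec in cp.sections()
            if any(k not in KNOWN_OPTIONS for k in cp[sec])}


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "headers in comments:", headers_in_comments(text))
        sections, err = parse_like_fail2ban(text)
        print(label, "sections:", sections, "error:", err)
    print("sshd unknown options:", unknown_options(SSHD_FROM_QUESTION))
```

On a real host the stock check is `sudo fail2ban-client -t`, which parses the configuration without starting the server and reports the same duplicate-option error; run it after every edit to jail.local and before `systemctl restart fail2ban`, so that a parse failure shows up as a command error rather than as the service exiting with status 255.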
