Fail2ban - 원격 호스트로부터의 DOS 공격 중지 - 시작되지 않음

Fail2ban - 원격 호스트로부터의 DOS 공격 중지 - 시작되지 않음

해결책

##원격 호스트의 DOS 공격을 막기 위해.

[http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

운영체제:우분투 서버 20.10

HTTP 서버:아파치

(원격 호스트로부터의 DOS 공격을 중지하기 위해) 규칙을jail.conf에 추가하면,fail2ban이 작동을 멈춥니다. 몇 가지 튜토리얼에서 이러한 구성을 얻었지만 Ubuntu 16 및 18이었습니다.

enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

/etc/fail2ban/filter.d

http-get-dos.conf

# Fail2Ban configuration file 
[Definition]
failregex = ^<HOST> -.*"(GET|POST).* 
ignoreregex =

sudo systemctl 상태 실패2반

● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2021-01-07 09:05:29 UTC; 1h 23min ago
       Docs: man:fail2ban(1)
    Process: 82878 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 82879 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 82879 (code=exited, status=255/EXCEPTION)

Jan 07 09:05:29 urial systemd[1]: Starting Fail2Ban Service...
Jan 07 09:05:29 urial systemd[1]: Started Fail2Ban Service.
Jan 07 09:05:29 urial fail2ban-server[82879]: 2021-01-07 09:05:29,370 fail2ban                [82879]: ERROR   Failed during configuration: While reading from '/etc/fail2ban/jail.local' [l>
Jan 07 09:05:29 urial fail2ban-server[82879]: 2021-01-07 09:05:29,372 fail2ban                [82879]: ERROR   Async configuration of server failed
Jan 07 09:05:29 urial systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Jan 07 09:05:29 urial systemd[1]: fail2ban.service: Failed with result 'exit-code'.

/etc/fail2ban$ 고양이jail.local

wlodek@urial:/etc/fail2ban$ cat jail.local
 ##To block failed login attempts use the below jail. 
[sshd]
enable = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretray = 3
findtime = 300
bandtime = 86400
ignoreip = 127.0.0.1  

##To block failed login attempts use the below jail. 
[apache] 
enabled = true 
port = http,https 
filter = apache-auth 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to request suspicious URLs, use the below jail. 
[apache-overflows] 
enabled = true 
port = http,https 
filter = apache-overflows 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to search for scripts on the website to execute, use the below jail. 
[apache-noscript] 
enabled = true 
port = http,https 
filter = apache-noscript 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to request malicious bot, use below jail. 
[apache-badbots] 
enabled = true 
port = http,https 
filter = apache-badbots 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To stop DOS attack from remote host. [http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

답변1

파일 에서 jail.local감옥 섹션 제목은 주석과 같은 줄에 있습니다.

##To stop DOS attack from remote host. [http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

이는 섹션 제목이 무시된다는 의미입니다. 다음과 같이 별도의 줄에 입력해야 합니다.

##To stop DOS attack from remote host.
[http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

관련 정보