Fail2Ban
GitzJoey edited this page Apr 24, 2022 · 4 revisions
Fail2Ban is an intrusion prevention software framework, written in the Python programming language, that protects computer servers from brute-force attacks. This wiki covers only the fail2ban filters used by this project.
These default filters are recommended to be enabled:
- Apache related: apache-auth, apache-badbots, apache-botsearch, apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript, apache-overflows, apache-shellshock
- SSH related: sshd
- PHP related: php-url-fopen
This is the list of 3rd-party filters that are good to have:
- webexploits (GitHub)
  An additional regex can be added:
  ^<HOST> -.*(GET).*(python-requests/2.26.0)
- MariaDB auth syslog
  If your MariaDB is logging to /var/log/messages (search keyword is 'mariadbd'), you can modify the mysql-auth filter and change its regex by removing the '^' at the start of the regex.
- MariaDB Aborted connection regex
  %(__prefix_line)s(?:(?:\d{6}|\d{4}-\d{2}-\d{2})[ T]\s?\d{1,2}:\d{2}:\d{2} )?(?:\d+ )?\[\w+\] (?:\[[^\]]+\] )*Aborted connection.*?host: '<HOST>'
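
A quick offline check of the two regexes above, added here as an example (it is not part of this project or of fail2ban): it runs them over constructed log lines and shows why a leading '^' misses syslog-wrapped MariaDB lines. Assumptions: `<HOST>` is approximated by an IP-literal pattern, `%(__prefix_line)s` is left out, and `matched_hosts` and the sample lines are hypothetical.

```python
import re

# Assumption: <HOST> is approximated by an IPv4/IPv6 literal; fail2ban's own
# <HOST> also accepts DNS names, and fail2ban cuts the timestamp out first.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)"

# Regexes copied from this page, with %(__prefix_line)s left out.
FILTERS = {
    "python-requests": r"^<HOST> -.*(GET).*(python-requests/2.26.0)",
    "mariadb-aborted": (
        r"(?:(?:\d{6}|\d{4}-\d{2}-\d{2})[ T]\s?\d{1,2}:\d{2}:\d{2} )?"
        r"(?:\d+ )?\[\w+\] (?:\[[^\]]+\] )*Aborted connection.*?host: '<HOST>'"
    ),
}

# Constructed log lines (documentation address ranges), not real traffic.
APACHE = [
    '198.51.100.23 - - [24/Apr/2022:10:15:32 +0000] "GET /index.php HTTP/1.1" 404 196 "-" "python-requests/2.26.0"',
    '198.51.100.24 - - [24/Apr/2022:10:15:40 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.25 - - [24/Apr/2022:10:15:41 +0000] "POST /login HTTP/1.1" 200 12 "-" "python-requests/2.26.0"',
    '198.51.100.26 - - [24/Apr/2022:10:15:42 +0000] "GET / HTTP/1.1" 200 512 "-" "python-requests/2.27.1"',
]
ABORT = "Aborted connection 57 to db: 'unconnected' user: 'unauthenticated' host: "
MARIADB = [
    "Apr 24 10:15:32 db1 mariadbd[912]: 2022-04-24 10:15:32 57 [Warning] " + ABORT + "'203.0.113.7' (closed)",
    "2022-04-24 10:16:01 58 [Warning] " + ABORT + "'2001:db8::5' (closed)",
    "2022-04-24 10:17:00 0 [Note] mariadbd: ready for connections.",
]


def matched_hosts(name, lines, anchored=False):
    """Return the <HOST> value of every line the named filter would flag."""
    pattern = FILTERS[name].replace("<HOST>", HOST)
    if anchored and not pattern.startswith("^"):
        pattern = "^" + pattern  # what a leading '^' in the filter does
    rx = re.compile(pattern)
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    print("python-requests:", matched_hosts("python-requests", APACHE))
    print("mariadb, no '^':", matched_hosts("mariadb-aborted", MARIADB))
    print("mariadb, with '^':", matched_hosts("mariadb-aborted", MARIADB, anchored=True))
```

The python-requests regex flags only GET requests from that exact version string, so the POST and the 2.27.1 lines pass through. Before enabling a filter, run the real `fail2ban-regex` tool against your own log file to confirm the same behaviour with fail2ban's date handling and prefix expansion.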