regex: Configuring a filter for Fail2ban and Bookstack

ss2ws0br posted on 2023-10-22 in Other

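I can't get a fail2ban filter for Bookstack to work. I tried 3 different regex checkers and they all capture the log lines, but when I try it with the fail2ban-regex tool, it doesn't match anything.
Apache error log file: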

[Mon Sep 11 10:41:55.375879 2023] [php:notice] [pid 30757] [client 82.32.100.175:52892] Failed login for [email protected], referer: https://bookstack.exemple.com/login
[Mon Sep 11 10:44:55.883100 2023] [php:notice] [pid 30743] [client 100.154.118.1:59728] Failed login for [email protected], referer: https://bookstack.exemple.com/login

fail2ban/filter.d/bookstack.conf:

[Definition]
failregex = (\[client <HOST>\]) (Failed login for .*?[^,]+)

jail.local:

[bookstack]
 enabled = true
 port = http,https
 logpath = %(apache_error_log)s
 filter = bookstack

$ sudo fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/bookstack.conf --print-all-matched

Running tests
=============

Use   failregex filter file : bookstack, basedir: /etc/fail2ban
Use         log file : /var/log/apache2/error.log
Use         encoding : UTF-8

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [51] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 51 lines, 0 ignored, 0 matched, 51 missed
[processed in 0.01 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 51 lines

Any help would be greatly appreciated. Thank you very much for your time.

qyzbxkaa1#

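I finally solved the problem. However, I don't know how. It may have been because of UFW or netfilter-persistent. I will soon try reinstalling the server to test these two possibilities.
Here is bookstack.conf: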

datepattern = {^LN-BEG}(?:DAY )?MON Day %%k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
failregex = .*client <HOST>.*Failed login for .*?

This regex also works well (without the date pattern):

failregex = ^.*\[client <HOST>:\d+\] Failed login for.*?[^,]+

Finally, I added more settings to my jail.local (they were not there before):

maxretry = 3
bantime = 300

Edit: in case it is useful to anyone else, I reinstalled the server, and it works without netfilter-persistent and without UFW.
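
The three failregex values from this thread, run over sample lines, as an added example (not code from the original posts): Apache logs the client as IP:port, so the question's `\[client <HOST>\]` never finds the closing bracket right after the address, while both patterns in the answer allow for the port. Assumptions: `<HOST>` is replaced by a simplified IPv4-only group rather than fail2ban's own expansion, `re.search` stands in for fail2ban's matching, and the log lines are constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption): IPv4 only.
# fail2ban's real expansion also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex values copied from the question and the answer above.
FAILREGEX = {
    "question": r"(\[client <HOST>\]) (Failed login for .*?[^,]+)",
    "answer_1": r".*client <HOST>.*Failed login for .*?",
    "answer_2": r"^.*\[client <HOST>:\d+\] Failed login for.*?[^,]+",
}

# Constructed log lines in the Apache error-log format shown in the question.
SAMPLE_LOG = """\
[Mon Sep 11 10:41:55.375879 2023] [php:notice] [pid 30757] [client 192.0.2.10:52892] Failed login for user@example.com, referer: https://bookstack.example.com/login
[Mon Sep 11 10:42:01.000001 2023] [php:notice] [pid 30757] [client 198.51.100.7:40112] Some other PHP notice
[Mon Sep 11 10:44:55.883100 2023] [php:notice] [pid 30743] [client 198.51.100.7:59728] Failed login for admin@example.com, referer: https://bookstack.example.com/login
""".splitlines()


def compile_failregex(pattern):
    """Substitute the <HOST> tag with the stand-in group and compile."""
    return re.compile(pattern.replace("<HOST>", HOST))


def matched_hosts(pattern, lines):
    """Return the host captured from every line the failregex hits."""
    rx = compile_failregex(pattern)
    hits = (rx.search(line) for line in lines)
    return [m.group("host") for m in hits if m]


def report(lines=SAMPLE_LOG):
    """Map each failregex name to the list of hosts it would flag."""
    return {name: matched_hosts(rx, lines) for name, rx in FAILREGEX.items()}


if __name__ == "__main__":
    for name, hosts in report().items():
        print(f"{name:9} {len(hosts)} matched  {hosts}")
```

The line without "Failed login for" is there to confirm that the working patterns do not flag unrelated PHP notices from the same client.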
