Filters

You can customize and improve the filters Fail2Ban uses. The filters are located in /etc/fail2ban/filter.d/. Below is a small collection of filters for the services I have already covered.

nginx-http-auth.conf

[Definition]

failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
            ^ \[error\] \d+#\d+: \*\d+ no user/password was provided for basic authentication, client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$

ignoreregex =

nginx-badbots.conf

sudo cp apache-badbots.conf nginx-badbots.conf

nginx-noscript

[Definition]

failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)

ignoreregex =

nginx-noproxy

[Definition]

failregex = ^<HOST> -.*GET http.*

ignoreregex =
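
To see what the nginx-noscript and nginx-noproxy filters above match before enabling them, this added example (not part of the original page) runs their failregex lines over constructed access-log lines in Python, the language Fail2Ban evaluates its regexes in. The `HOST` pattern is a simplified stand-in for Fail2Ban's `<HOST>` tag, and the names `FILTERS`, `SAMPLES`, `banned_host` and `report` are hypothetical.

```python
import re

# Assumption: simplified stand-in for Fail2Ban's <HOST> tag (IPv4 or bare IPv6);
# the real expansion also accepts hostnames and other address forms.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{3,39})"

# failregex lines copied from the two filters above.
FILTERS = {
    "nginx-noscript": r"^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)",
    "nginx-noproxy": r"^<HOST> -.*GET http.*",
}

# Constructed access-log lines using documentation address ranges.
SAMPLES = [
    # script probe: expected hit for nginx-noscript
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.0"',
    # absolute-URI (proxy-style) request: expected hit for nginx-noproxy
    '203.0.113.8 - - [10/Oct/2023:13:55:37 +0000] "GET http://example.org/ HTTP/1.1" 400 157 "-" "-"',
    # normal page view whose Referer ends in .php: false positive for nginx-noscript
    '198.51.100.4 - - [10/Oct/2023:13:55:38 +0000] "GET /index.html HTTP/1.1" 200 612 "https://example.org/forum.php" "Mozilla/5.0"',
    # POST to a script: the filter is written for GET only, so no hit
    '198.51.100.5 - - [10/Oct/2023:13:55:39 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "-"',
    # IPv6 client requesting a CGI script: hit, host captured as IPv6
    '2001:db8::1 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 153 "-" "-"',
]


def banned_host(filter_name, line):
    """Return the address the filter would report for this line, or None."""
    pattern = FILTERS[filter_name].replace("<HOST>", HOST)
    match = re.search(pattern, line)
    return match.group("host") if match else None


def report():
    """Map each filter name to its per-sample result, in SAMPLES order."""
    return {name: [banned_host(name, line) for line in SAMPLES] for name in FILTERS}


if __name__ == "__main__":
    for name, hosts in report().items():
        for line, host in zip(SAMPLES, hosts):
            print(f"{name:15} {host or '-':15} {line[:60]}")
```

The third sample shows that nginx-noscript also counts a request when a script extension appears only in the Referer field, which matters when choosing maxretry for the jail. On a host with Fail2Ban installed, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-noscript.conf` runs the same check with the real `<HOST>` expansion (the log path is an assumption).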

MongoDB

mongo-auth.conf

[INCLUDES]

before = common.conf

[Definition]

_daemon = mongodb

# Matches MongoDB authentication failures and captures the client address as <HOST>
failregex = ^.*[aA]uthentication [fF]ail(ed|ure) for \w+ on \w+ from client <HOST>:[0-9].*$

ignoreregex =

# Author: luiseok (https://github.com/luiseok)