Show pageOld revisionsBacklinksAdd to bookExport to PDFBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== fail2ban ====== ===== install ===== <code> apt install fail2ban </code> ===== filter ===== define new filter <file ini /etc/fail2ban/filter.d/giano-login.conf> [Definition] failregex = ^<HOST> .+ /auth/token/v2 HTTP/1.[0-9]" 401 ignoreregex = </file> test filter <code> fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/giano-login.conf --print-all-matched </code> ===== action ===== <file ini action.d/telegram.conf> [Definition] actionstart = /usr/local/bin/telegram-send -g --format markdown "`uname -n`: [Fail2Ban] jail <name> è stata avviata" actionstop = /usr/local/bin/telegram-send -g --format markdown "`uname -n`: [Fail2Ban] jail <name> è stata fermata" actioncheck = actionban = /usr/local/bin/telegram-send -g --format markdown "`uname -n`: [Fail2Ban] IP <ip> è stato bannato dopo <failures> tentativi falliti dalla jail <name>" actionunban = [Init] init = 'Fail2Ban Telegram plugins activated" </file> ===== jail ===== <file ini /etc/fail2ban/jail.d/giano-login.conf> [giano-login] enabled = true filter = giano-login port = http,https logpath = /var/log/nginx/*access*.log findtime = 60 bantime = 6000 maxretry = 3 action = %(action_)s telegram[name=GIANO] </file> ===== test ===== test <code> fail2ban-client -d </code> restart service to apply filter and jail <code> systemctl restart fail2ban </code> ===== status ===== <code> fail2ban-client status giano-login </code> ===== unban ===== <code> fail2ban-client set giano-login unbanip IPADDRESS </code> ===== telegram action ===== <code> pip install telegram-send </code> create configuration file with token and chat id <file ini /etc/telegram-send.conf> [telegram] chat_id = token = </file> test (-g option to use /etc/telegram-send.con) <code> telegram-send -g "hello, world" </code> tips/fail2ban.txt Last modified: 2019/04/15 09:04by scipio