informatique:system_admin:fail2ban
Ceci est une ancienne révision du document !
fail2ban
Filters
Wordpress
Voir les filtres du plugin wp-fail2ban https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/
Dédier des logs à fail2ban https://github.com/fail2ban/fail2ban/wiki/Best-practice
# Filtre pour Wordpress via nginx combined access_log
# xmlrpc.php n'est pas utile: https://kinsta.com/fr/blog/xmlrpc-php/
#
[INCLUDES]
# Load regexes for filtering
before = botsearch-common.conf
[Definition]
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /wp-content/plugins/wp-file-manager/\S+ \S+\" 404 .+$
^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /vendor/phpunit/phpunit/\S+ \S+\" 404 .+$
^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /\.env \S+\" (403|404) .+$
^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /\S+/wp-login\.php \S+\" 404 .+$
^<HOST> \- \S+ \[\] \"POST /xmlrpc.php \S+\" (200|503) .+$
ignoreregex =
datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
^[^\[]*\[({DATE})
{^LN-BEG}
informatique/system_admin/fail2ban.1617884130.txt.gz · Dernière modification : 08/04/2021 14:15 de cyrille