informatique:system_admin:fail2ban
Ceci est une ancienne révision du document !
fail2ban
Filters
Wordpress
Voir les filtres du plugin wp-fail2ban https://plugins.svn.wordpress.org/wp-fail2ban/trunk/filters.d/
Dédier des logs à fail2ban https://github.com/fail2ban/fail2ban/wiki/Best-practice
# Filtre pour Wordpress via nginx combined access_log # xmlrpc.php n'est pas utile: https://kinsta.com/fr/blog/xmlrpc-php/ # [INCLUDES] # Load regexes for filtering before = botsearch-common.conf [Definition] failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /wp-content/plugins/wp-file-manager/\S+ \S+\" 404 .+$ ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /vendor/phpunit/phpunit/\S+ \S+\" 404 .+$ ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /\.env \S+\" (403|404) .+$ ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) /\S+/wp-login\.php \S+\" 404 .+$ ^<HOST> \- \S+ \[\] \"POST /xmlrpc.php \S+\" (200|503) .+$ ignoreregex = datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)? ^[^\[]*\[({DATE}) {^LN-BEG}
informatique/system_admin/fail2ban.1617884130.txt.gz · Dernière modification : 08/04/2021 14:15 de cyrille