Last active
August 29, 2015 14:17
Applying fail2ban to excessive nginx 404|403 responses on EC2 ref: http://qiita.com/osamu1203/items/e7b1718caf4fa59dca4f
/var/log/fail2ban/fail2ban.log {
    missingok
    notifempty
    weekly
    rotate 5
    compress
    dateext
    create 0644 root root
    postrotate
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban/fail2ban.log 2> /dev/null || true
    endscript
}
# logtarget = SYSLOG # ← comment this line out
logtarget = /var/log/fail2ban/fail2ban.log # ← add this line
# Install
yum install fail2ban
# Start automatically at boot
chkconfig --add fail2ban
chkconfig fail2ban on
vim /etc/fail2ban/fail2ban.conf
service fail2ban start
vim /etc/fail2ban/jail.conf
mkdir /var/log/fail2ban/
vim /etc/fail2ban/filter.d/nginx-404.conf
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (403|404) .*$
ignoreregex =
vim /etc/fail2ban/jail.local
vim /etc/logrotate.d/fail2ban
ignoreip = 127.0.0.1/8 xxx.xxx.0.0/16
[nginx-404]
enabled = true
port = http,https
filter = nginx-404
logpath = /var/log/nginx*/*access.log
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
maxretry = 5
findtime = 30
bantime = 7200
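To see what the nginx-404 filter and jail above actually do before enabling them, here is an added example (not part of the gist, and not fail2ban's own code) that replays constructed nginx access-log lines through the gist's failregex and its maxretry/findtime/bantime/ignoreip settings. It assumes fail2ban's `<HOST>` tag expands to a plain IPv4 capture and uses 10.20.0.0/16 as a stand-in for the redacted xxx.xxx.0.0/16.

```python
import re
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail parameters from the gist's jail.local
MAXRETRY, FINDTIME, BANTIME = 5, 30, 7200
# ignoreip from the gist; 10.20.0.0/16 is a placeholder for the redacted xxx.xxx.0.0/16
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "10.20.0.0/16")]
# The gist's failregex verbatim, with <HOST> expanded to a simplified IPv4-only capture
# (fail2ban's real expansion also accepts hostnames and IPv6)
FAILREGEX = re.compile(r'^<HOST>.*"(GET|POST).*" (403|404) .*$'.replace(
    "<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
# fail2ban locates the timestamp with its own date patterns; here we just take the [...] field
DATE_RE = re.compile(r"\[([^\]]+)\]")

def is_ignored(host):
    return any(ipaddress.ip_address(host) in net for net in IGNOREIP)

def scan(lines):
    """Replay log lines through the jail logic; return {ip: datetime when the ban expires}.
    A host is banned once it has MAXRETRY matching lines inside a FINDTIME-second window."""
    recent = defaultdict(deque)   # host -> timestamps of matches still inside the window
    bans = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or is_ignored(m.group("host")):
            continue
        host = m.group("host")
        ts = datetime.strptime(DATE_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and host not in bans:
            bans[host] = ts + timedelta(seconds=BANTIME)
    return bans

def log_line(ip, hhmmss, path, status, method="GET"):
    """Constructed nginx combined-format line (sample data, not real traffic)."""
    return (f'{ip} - - [29/Aug/2015:{hhmmss} +0900] "{method} {path} HTTP/1.1" '
            f'{status} 169 "-" "curl/7.43.0"')

SAMPLE_LOG = (
    # 404s 60 s apart never reach 5 inside one 30 s window: no ban
    [log_line("192.0.2.10", f"14:{m:02d}:00", f"/old/{m}", 404) for m in range(10, 15)]
    # localhost is in ignoreip, however many 404s it produces
    + [log_line("127.0.0.1", "14:17:00", "/healthz", 404)] * 6
    # a burst of 403/404 responses within 8 s: banned on the 5th hit (a 200 in between does not count)
    + [log_line("198.51.100.7", f"14:17:{s:02d}", f"/missing-{s}", 404) for s in (1, 3, 5, 7)]
    + [log_line("198.51.100.7", "14:17:08", "/", 200)]
    + [log_line("198.51.100.7", "14:17:09", "/upload", 403, "POST")]
)
```

Note that the regex counts every 403/404, so a single page load with five missing assets from one client would also trip the jail; that is why listing your own ranges in ignoreip matters.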