nishiyamaosamu/fail2ban

## fail2ban
/var/log/fail2ban/fail2ban.log {
    missingok
    notifempty
    weekly
    rotate 5
    compress
    dateext
    create 0644 root root
    postrotate
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban/fail2ban.log 2> /dev/null || true
    endscript
}

## fail2ban.conf
# logtarget = SYSLOG  # ←これをコメントアウト
logtarget = /var/log/fail2ban/fail2ban.log # ←これを追加

## file0.txt
#インストール
yum install fail2ban

#起動時に自動起動
chkconfig --add fail2ban
chkconfig fail2ban on

## file1.txt
vim /etc/fail2ban/fail2ban.conf

## file10.txt
service fail2ban start

## file11.txt
vim /etc/fail2ban/jail.conf

## file3.txt
mkdir /var/log/fail2ban/

## file4.txt
vim /etc/fail2ban/filter.d/nginx-404.conf

## file5.txt
[Definition]
failregex =  ^<HOST>.*"(GET|POST).*" (403|404) .*$
ignoreregex =

## file6.txt
vim /etc/fail2ban/jail.local

## file8.txt
vim /etc/logrotate.d/fail2ban

## jail.conf
ignoreip = 127.0.0.1/8 xxx.xxx.0.0/16

## jail.local
[nginx-404]
enabled = true
port = http,https
filter = nginx-404
logpath = /var/log/nginx*/*access.log
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
maxretry = 5
findtime = 30
bantime = 7200
	/var/log/fail2ban/fail2ban.log {
	missingok
	notifempty
	weekly
	rotate 5
	compress
	dateext
	create 0644 root root
	postrotate
	/usr/bin/fail2ban-client set logtarget /var/log/fail2ban/fail2ban.log 2> /dev/null \|\| true
	endscript
	}
	# logtarget = SYSLOG # ←これをコメントアウト
	logtarget = /var/log/fail2ban/fail2ban.log # ←これを追加
	#インストール
	yum install fail2ban

	#起動時に自動起動
	chkconfig --add fail2ban
	chkconfig fail2ban on
	[Definition]
	failregex = ^<HOST>."(GET\|POST)." (403\|404) .*$
	ignoreregex =
	[nginx-404]
	enabled = true
	port = http,https
	filter = nginx-404
	logpath = /var/log/nginx/access.log
	action = iptables-multiport[name=404, port="http,https", protocol=tcp]
	maxretry = 5
	findtime = 30
	bantime = 7200