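# vi /etc/fail2ban/filter.d/wordpress.conf
[Definition]
# Sample line from /var/log/apache2/access.log:
# 93.113.111.100 - - [06/Mar/2020:11:03:37 +0900] "POST /xmlrpc.php HTTP/1.1" 200 494 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#
# Count a failure only when wp-login.php or xmlrpc.php is the requested path.
# [^"]*" pins the method to the first quote on the line (the request line),
# so a Referer or User-Agent that merely mentions wp-login.php, such as the
# page loads that follow a successful login, is not counted.
# NOTE: GET is kept from the original rule, so ordinary views of the login
# form also count toward maxretry. Restrict to POST if real users get banned.
# Check the rule against real traffic before enabling the jail:
#   fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress.conf
failregex = ^<HOST> [^"]*"(?:POST|GET) [^\s?"]*/(?:wp-login|xmlrpc)\.php\b
ignoreregex =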
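# vi /etc/fail2ban/filter.d/apache-404.conf
[Definition]
# Sample line from /var/log/apache2/access.log (status 200, so this
# particular line is NOT matched by the rule below):
# 93.113.111.100 - - [06/Mar/2020:11:03:37 +0900] "POST /xmlrpc.php HTTP/1.1" 200 494 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#
# Filter: a GET or POST request line answered with status 404.
# - <HOST> is required so fail2ban knows which address to ban.
# - The quotes must be plain ASCII "; typographic quotes copied from a web
#   page never match a real log line.
# - (?:[^"\\]|\\.)* consumes the request line including quotes that Apache
#   logs as \", so the status is read from the real status field.
failregex = ^<HOST> [^"]*"(?:GET|POST) (?:[^"\\]|\\.)*" 404 .*$
# Whitelist: lines matching this pattern are never counted.
ignoreregex =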
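# vi /etc/fail2ban/filter.d/apache-403.conf
[Definition]
# Sample line from /var/log/apache2/access.log (status 200, so this
# particular line is NOT matched by the rule below):
# 93.113.111.100 - - [06/Mar/2020:11:03:37 +0900] "POST /xmlrpc.php HTTP/1.1" 200 494 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#
# Filter: a GET or POST request line answered with status 403.
# - <HOST> is required so fail2ban knows which address to ban.
# - The quotes must be plain ASCII "; typographic quotes copied from a web
#   page never match a real log line.
# - (?:[^"\\]|\\.)* consumes the request line including quotes that Apache
#   logs as \", so the status is read from the real status field.
failregex = ^<HOST> [^"]*"(?:GET|POST) (?:[^"\\]|\\.)*" 403 .*$
# Whitelist: lines matching this pattern are never counted.
ignoreregex =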
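# vi /etc/fail2ban/jail.local
[DEFAULT]
# Addresses and networks that are never banned (space separated).
# Every entry is exempt from all jails, so keep the list as short as possible
# and review any public address listed here.
ignoreip = 127.0.0.1/8 192.168.1.0/24 117.102.195.171
# Ban duration in seconds (24 hours).
# The note sits on its own line: fail2ban documents ';' (after a space) for
# inline comments, so a trailing '#...' would end up inside the value.
bantime = 86400
# A host is banned after maxretry matching lines within findtime seconds.
findtime = 600
maxretry = 5
# Mail settings. They only take effect for actions that send mail; a jail
# whose action is just iptables-multiport[...] bans without any notification.
mta = mail
# Option names are destemail / sendername; a misspelled name is not picked
# up by the mail actions.
destemail = root
sendername = Fail2BanAlerts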
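# Jail for requests to wp-login.php / xmlrpc.php (filter.d/wordpress.conf).
[wordpress]
enabled = true
port = http,https
filter = wordpress
# The quotes must be plain ASCII "; typographic quotes copied from a web
# page would be treated as part of the name/port/protocol values.
action = iptables-multiport[name="wordpress", port="http,https", protocol="tcp"]
logpath = /var/log/apache2/access.log
# Ban after 6 matching requests within 600 seconds.
findtime = 600
maxretry = 6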
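# Jail for repeated 403 responses (filter.d/apache-403.conf).
[apache-403]
enabled = true
filter = apache-403
logpath = /var/log/apache2/access.log
# The quotes must be plain ASCII "; typographic quotes copied from a web
# page would be treated as part of the name/port/protocol values.
action = iptables-multiport[name="403", port="http,https", protocol="tcp"]
# Ban for 1800 seconds after 10 matching requests within 30 seconds.
maxretry = 10
findtime = 30
bantime = 1800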
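# Jail for repeated 404 responses (filter.d/apache-404.conf).
# Broken links or missing assets on your own pages also produce 404s, so a
# normal visitor or crawler can reach the threshold; watch the ban list after
# enabling this jail and raise maxretry or extend ignoreregex if needed.
[apache-404]
enabled = true
filter = apache-404
logpath = /var/log/apache2/access.log
# The quotes must be plain ASCII "; typographic quotes copied from a web
# page would be treated as part of the name/port/protocol values.
action = iptables-multiport[name="404", port="http,https", protocol="tcp"]
# Ban for 1800 seconds after 10 matching requests within 30 seconds.
maxretry = 10
findtime = 30
bantime = 1800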
確認
# fail2ban-client status
fail2banとiptablesの連携確認
# iptables -L -n