
wordpress fail2ban mint 19


# vi /etc/fail2ban/filter.d/wordpress.conf

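[Definition]
# Filter for requests to the WordPress login and XML-RPC endpoints.
# Sample line from /var/log/apache2/access.log:
# 93.113.111.100 - - [06/Mar/2020:11:03:37 +0900] "POST /xmlrpc.php HTTP/1.1" 200 494 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#
# The match is tied to the request line (the first quoted field). Matching
# anywhere in the line would also count requests whose Referer mentions
# wp-login.php, e.g. the pages a user loads right after logging in.
# The status code is not checked, so every GET or POST to these endpoints
# counts as a failure, successful logins included; size maxretry in the jail
# with that in mind.
failregex = ^<HOST> -.*"(GET|POST) [^" ]*/(wp-login\.php|xmlrpc\.php)
# Lines matching ignoreregex are never counted; empty means no exceptions.
ignoreregex =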

# vi /etc/fail2ban/filter.d/apache-404.conf

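[Definition]
# Filter for requests that Apache answered with HTTP 404.
# Log format reference from /var/log/apache2/access.log (this sample has
# status 200, so it shows the layout but is not itself a match):
# 93.113.111.100 - - [06/Mar/2020:11:03:37 +0900] "POST /xmlrpc.php HTTP/1.1" 200 494 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

# Filter
# <HOST> must appear in failregex: it captures the client address to ban, and
# fail2ban rejects a failregex without it. The quotes are ASCII double quotes;
# typographic quotes never occur in the access log, so a pattern containing
# them matches nothing.
# Legitimate clients also produce 404s (missing favicon, stale links), so keep
# the jail's maxretry/findtime tolerant and list trusted addresses in ignoreip.
failregex = ^<HOST> .*"(GET|POST).*" 404 .*$

# Allowlist: lines matching ignoreregex are never counted (empty = none).
ignoreregex =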

# vi /etc/fail2ban/filter.d/apache-403.conf

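[Definition]
# Filter for requests that Apache answered with HTTP 403.
# Log format reference from /var/log/apache2/access.log (this sample has
# status 200, so it shows the layout but is not itself a match):
# 93.113.111.100 - - [06/Mar/2020:11:03:37 +0900] "POST /xmlrpc.php HTTP/1.1" 200 494 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

# Filter
# <HOST> must appear in failregex: it captures the client address to ban, and
# fail2ban rejects a failregex without it. The quotes are ASCII double quotes;
# typographic quotes never occur in the access log, so a pattern containing
# them matches nothing.
failregex = ^<HOST> .*"(GET|POST).*" 403 .*$
# Allowlist: lines matching ignoreregex are never counted (empty = none).
ignoreregex =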

# vi /etc/fail2ban/jail.local

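[DEFAULT]
# Addresses that are never banned: loopback, the local LAN and one public
# address (presumably the administrator's own; confirm it is still yours,
# because traffic from an ignored address bypasses every jail).
ignoreip = 127.0.0.1/8 192.168.1.0/24 117.102.195.171
# Ban duration in seconds (86400 = 24 hours).
# The note is on its own line: fail2ban documents only ';' after a space as
# an inline comment, so a trailing '#' note would become part of the value.
bantime = 86400
# Window, in seconds, in which failures are counted.
findtime = 600
# Number of failures within findtime that triggers a ban.
maxretry = 5
# Mail settings. The jails in this file use only iptables-multiport as their
# action, so these apply only once a mail-sending action is configured.
mta = mail
destmail = root
# Was misspelled "sendename", which no mail action reads.
sendername = Fail2BanAlerts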

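[wordpress]
# Jail for wp-login.php / xmlrpc.php requests, using filter.d/wordpress.conf.
enabled = true
port = http,https
filter = wordpress
# The action parameters use ASCII double quotes; typographic quotes are not
# quoting characters and would end up inside the parameter values.
action = iptables-multiport[name="wordpress", port="http,https", protocol="tcp"]
logpath = /var/log/apache2/access.log
# Ban after 6 matching requests within 600 seconds; bantime is inherited
# from [DEFAULT].
findtime = 600
maxretry = 6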

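[apache-403]
# Jail for clients that collect HTTP 403 responses, using filter.d/apache-403.conf.
enabled = true
filter = apache-403
logpath = /var/log/apache2/access.log
# The action parameters use ASCII double quotes; typographic quotes are not
# quoting characters and would end up inside the parameter values.
action = iptables-multiport[name="403", port="http,https", protocol="tcp"]
# Ban for 1800 seconds after 10 matches within 30 seconds.
maxretry = 10
findtime = 30
bantime = 1800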

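[apache-404]
# Jail for clients that collect HTTP 404 responses, using filter.d/apache-404.conf.
enabled = true
filter = apache-404
logpath = /var/log/apache2/access.log
# The action parameters use ASCII double quotes; typographic quotes are not
# quoting characters and would end up inside the parameter values.
action = iptables-multiport[name="404", port="http,https", protocol="tcp"]
# Ban for 1800 seconds after 10 matches within 30 seconds. A page with many
# broken asset links can reach this from a normal browser, so review the
# banned list after enabling the jail.
maxretry = 10
findtime = 30
bantime = 1800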

確認

# fail2ban-client status

fail2banとiptablesの連携確認

# iptables -L -n
