bbr18
03/11/2014, 16h44
Envoyé par nono67
[Definition]
failregex = [[]client <HOST>[]] client denied by server configuration: /home/www/*.*
ignoreregex=
file\r\n
dos2unix /etc/fail2ban/filter.d/apache-phpmyadmin.conf
.htaccess
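# Jail: ban clients that repeatedly probe for phpMyAdmin paths that do not exist.
[apache-phpmyadmin]
enabled = true
port = http,https
filter = apache-phpmyadmin
# Several log globs belong under ONE logpath key, one glob per continuation
# line. A second "logpath =" line is a duplicate option: depending on the
# parser version it either replaces the first value or is rejected, so one of
# the two log sets would silently go unwatched.
logpath = /var/log/apache*/*error.log
          /var/log/virtualmin/*_error_log
# Three matching log lines from one address trigger the ban.
maxretry = 3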
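# Fail2Ban configuration file
#
# Bans bots scanning for non-existing phpMyAdmin installations on your webhost.
#
# Save this file with LF line endings and keep every "#" in column 0. Python
# 2.7's ConfigParser treats an indented line ahead of the first section header
# as data and aborts with MissingSectionHeaderError.

[Definition]

# Option:  failregex
# Notes.:  Regexp to match often probed and not available phpmyadmin paths.
#          <HOST> marks where fail2ban reads the client address; a failregex
#          without it gives fail2ban no address to ban.
#          The alternation is unanchored, so short entries such as "admin" and
#          "db" also match unrelated missing paths that contain those strings.
#          Check the matches against real logs before lowering maxretry.
# Values:  TEXT
#
failregex = [[]client <HOST>[]] File does not exist: .*(PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|myadmin2)

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =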
 * Restarting authentication failure monitor fail2ban
Traceback (most recent call last):
  File "/usr/bin/fail2ban-client", line 404, in <module>
    if client.start(sys.argv):
  File "/usr/bin/fail2ban-client", line 373, in start
    return self.__processCommand(args)
  File "/usr/bin/fail2ban-client", line 183, in __processCommand
    ret = self.__readConfig()
  File "/usr/bin/fail2ban-client", line 378, in __readConfig
    ret = self.__configurator.getOptions()
  File "/usr/share/fail2ban/client/configurator.py", line 68, in getOptions
    return self.__jails.getOptions(jail)
  File "/usr/share/fail2ban/client/jailsreader.py", line 67, in getOptions
    ret = jail.getOptions()
  File "/usr/share/fail2ban/client/jailreader.py", line 78, in getOptions
    ret = self.__filter.read()
  File "/usr/share/fail2ban/client/filterreader.py", line 56, in read
    return ConfigReader.read(self, "filter.d/" + self.__file)
  File "/usr/share/fail2ban/client/configreader.py", line 62, in read
    SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
  File "/usr/share/fail2ban/client/configparserinc.py", line 108, in read
    fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
  File "/usr/share/fail2ban/client/configparserinc.py", line 79, in getIncludes
    parser.read(resource)
  File "/usr/lib/python2.7/ConfigParser.py", line 305, in read
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/fail2ban/filter.d/apache-phpmyadmin.conf, line: 1
' # Fail2Ban configuration file\r\n'
--------------------- vpopmail Begin ------------------------
abc@ovh.net - 1 Time(s)
abuse@ovh.net - 1 Time(s)
accounts@ovh.net - 2 Time(s)
admin@ovh.net - 7 Time(s)
alan@ovh.net - 2 Time(s)
alex@ovh.net - 1 Time(s)
almacen@ovh.net - 1 Time(s)
amanda@ovh.net - 1 Time(s)
andrea@ovh.net - 1 Time(s)
angel@ovh.net - 1 Time(s)
angela@ovh.net - 1 Time(s)
anne@ovh.net - 1 Time(s)
etc.....
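# Jail: ban clients that send an excessive number of HTTP requests.
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
# Both log globs go under a single logpath key, one per continuation line.
# A repeated "logpath =" is a duplicate option, so only one of the two sets
# would be watched (or the parser would reject the file).
# NOTE(review): "*.*" also matches error logs and rotated files in these
# directories. Narrow it to the logs the http-get-dos filter actually parses
# once that is confirmed.
logpath = /var/log/apache*/*.*
          /var/log/virtualmin/*.*
# 360 matching lines from one address within 120 seconds trigger the ban.
maxretry = 360
findtime = 120
# Add your own address here if it is static. The comment is kept on its own
# line because fail2ban's parser does not strip a trailing "#" comment, so the
# words would be read as further entries to whitelist.
# NOTE(review): 168.192.0.1 is a public address, not a private-range one. If
# 192.168.0.1 was meant, the octets are transposed and this entry exempts an
# unrelated host from banning.
ignoreip = 168.192.0.1
# 259200 seconds = 3 days.
bantime = 259200
# Block the banned address on every port, not only http/https.
action = iptables-allports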
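# Filter: match Apache "client denied by server configuration" errors for
# paths under /home/www.
[Definition]
# <HOST> marks where fail2ban reads the client address from the
# "[client a.b.c.d]" part of the log line. Without it the bracket expressions
# only match the literal text "[client]" and no address can be extracted.
# The trailing "/*.*" is regex, not a shell glob: "/*" is zero or more slashes
# and ".*" is any text, so every denied path beginning with /home/www matches.
failregex = [[]client <HOST>[]] client denied by server configuration: /home/www/*.*
ignoreregex=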
# Space-separated list of sources that are never banned. ton_ip_fixe and
# ta_2eme_ip_fixe are placeholders for your own static addresses. Every entry
# here is exempt from all jails that inherit it, so keep the list minimal.
ignoreip = 127.0.0.1/8 ton_ip_fixe ta_2eme_ip_fixe
# A single matching log line bans the client. Check the filter for false
# positives before running with a threshold this low.
maxretry = 1
# Jail: apply the sshd filter to /var/log/auth.log and ban on the ssh port.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# Six matching lines from one address trigger the ban; a value set here takes
# precedence over a [DEFAULT] maxretry.
maxretry = 6
Status for the jail: ssh |- filter | |- File list: /var/log/auth.log | |- Currently failed: 1 | `- Total failed: 4 `- action |- Currently banned: 0 | `- IP list: `- Total banned: 0
# Defaults inherited by every jail that does not set its own value.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
# Sources listed here are never banned; only loopback is exempt in this snippet.
ignoreip = 127.0.0.1/8
# Ban duration in seconds (600 s = 10 minutes).
bantime = 600
# Number of matching log lines that triggers a ban.
maxretry = 3
# Defaults inherited by every jail that does not set its own value.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
# Sources listed here are never banned; only loopback is exempt in this snippet.
ignoreip = 127.0.0.1/8
# Window in seconds over which matching lines are counted toward maxretry.
findtime=600
# Ban duration in seconds (600 s = 10 minutes).
bantime = 600
# Number of matching log lines within findtime that triggers a ban.
maxretry = 3
# Jail: apply the sshd filter to /var/log/auth.log and ban on the ssh port.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# Six matching lines from one address trigger the ban; a value set here takes
# precedence over a [DEFAULT] maxretry.
maxretry = 6
fail2ban-client status ssh
Status for the jail: ssh |- filter | |- File list: /var/log/auth.log | |- Currently failed: 1 | `- Total failed: 4 `- action |- Currently banned: 0 | `- IP list: `- Total banned: 0
# Recipient of ban notification mails; mail actions reference it as
# %(destemail)s. The address shown is a placeholder to replace with a mailbox
# you control.
destemail = mail@nomdedoamine.fr
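# ban & send an e-mail with whois report to the destemail.
# NOTE(review): the page shows "%(action_)s" as the option name. That is an
# interpolation reference, not a key, so no jail could select this shortcut.
# action_mw is the name fail2ban's stock jail.conf gives to the
# ban + whois-mail shortcut described by the comment above.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
# The mail body carries raw log lines, so point destemail at a mailbox you
# control and treat the quoted content as untrusted text.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]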