Commit 58614031 authored by David Foucher's avatar David Foucher

WIP add fail2ban

parent a8048d10
Pipeline #3535 passed with stage
in 2 minutes and 4 seconds
[Definition]
failregex = limiting connections by zone.*client: <HOST>
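Review bot: This pattern and the nginx-req-limit one (`limiting requests, excess:.* by zone.*client: <HOST>`) are unanchored and put a greedy `.*` before `client: <HOST>`, so `<HOST>` is captured from the last `client:` occurrence on the line rather than from nginx's own client field; since the later fields of an nginx error line (request, referrer, host) carry request-supplied text, a crafted request can make the jail ban an address other than the sender's. Anchoring on the fixed nginx prefix, as the http-auth filter in this commit already does, pins the capture to the first field: `failregex = ^\s*\[error\] \d+#\d+: \*\d+ limiting connections by zone "[^"]+", client: <HOST>, server: \S+,` (and the analogous `^\s*\[error\] \d+#\d+: \*\d+ limiting requests, excess: [\d.]+ by zone "[^"]+", client: <HOST>, server: \S+,` for the req-limit filter). Both limit filters also lack the `ignoreregex =` line the auth filter declares; add it for consistency. Recent fail2ban releases appear to ship a packaged `nginx-limit-req` filter that could replace the hand-written one, which is worth checking before maintaining a copy here.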
[Definition]
failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
ignoreregex =
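Review bot: No jail in the jail.local on this commit references this filter — it enables only `nginx-req-limit` and `nginx-conn-limit` and disables `sshd` — so unless another jail file enables it, the definition is dead configuration; if it is meant to be active, add a jail whose `filter =` names this file with `enabled = true` and `logpath = /var/log/nginx/error.log`. The pattern also looks identical to the `nginx-http-auth` filter that fail2ban packages, in which case the copy can be dropped in favour of the shipped one, to be confirmed against the installed fail2ban version.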
[Definition]
failregex = limiting requests, excess:.* by zone.*client: <HOST>
[sshd]
enabled = false
[nginx-req-limit]
enabled = true
filter = nginx-req-limit
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
port = http,https
logpath = /var/log/nginx/error.log
findtime = 600
bantime = 7200
maxretry = 10
[nginx-conn-limit]
enabled = true
filter = nginx-conn-limit
action = iptables-multiport[name=ConnLimit, port="http,https", protocol=tcp]
port = http,https
logpath = /var/log/nginx/error.log
findtime = 300
bantime = 7200
maxretry = 100
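Review bot: There is no `[DEFAULT]` section with `ignoreip`, so every address that appears in a `client:` field is bannable, including loopback and any reverse proxy or load balancer in front of nginx; if this container sits behind one, the first burst over the limit bans the proxy's address and cuts off all traffic. Add above the jails `[DEFAULT]` / `ignoreip = 127.0.0.1/8 ::1 <trusted-proxy-cidr>` (placeholder for the deployment's proxy range), and if nginx only ever sees a proxy address the jail cannot tell clients apart at all and the limiting belongs on the proxy. The `port = http,https` lines duplicate the explicit `port="http,https"` inside each `action`; keep one source of truth so the two cannot drift.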
......@@ -28,6 +28,7 @@ RUN apt-get update && apt-get -y install \
cron \
rsyslog \
logrotate \
fail2ban \
iptables \
git \
dnsutils
......@@ -43,5 +44,6 @@ RUN git clone -b ${TREFLE_OLD_VERSION} ${TREFLE_GIT} /srv/trefle-old && \
chown -R www-data: /srv/trefle-old && \
chmod -R u+rwx /srv/trefle-old
CMD service nginx start; \
CMD service fail2ban start; \
service nginx start; \
cron -f
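Review bot: The three commands in the new CMD are joined with `;`, so a failed `service fail2ban start` — for instance because the container is not granted the NET_ADMIN capability that the iptables-multiport actions require — is ignored and nginx comes up with no banning active, and nothing restarts fail2ban-server if it exits later. At minimum chain the starts so the container fails visibly: `CMD service fail2ban start && \` / `service nginx start && \` / `cron -f`; longer term a process supervisor, or running fail2ban on the host, avoids an unsupervised daemon inside the image. Whether the container is run with NET_ADMIN is not visible in this commit and should be confirmed in the run configuration.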