Quote:
Originally Posted by newbie14
Hi Habitual,
I have visited the link you suggested. So the section on the page suggested to add #To enable log monitoring for Nginx login attempts.[nginx-auth]. So I just add right below the default section that should be fine right. Why is it suggesting to change to jail.local then how will it know to pick this as the .conf ?
Basically what is running behind will be bootstrap template based php application. I dont quite get you No more "logs"without verbs.? What do you mean by this logs. I can pull more for you.
You suggested this "Create a custom jail and get f2b up to speed using that IP as a marker/test, or ignore 60.52.28.169
or issue a drop for 60.52.0.0/18". Where to create this is it in the jail.local or jail.conf ?
|
All answered in /etc/fail2ban/jail.conf
.local and custom "filters" and/or "actions" are excluded from overwriting via update/upgrade to fail2ban.
# Fail2Ban configuration file.
#
# This file was composed for Debian systems from the original one
# provided now under /usr/share/doc/fail2ban/examples/jail.conf
# for additional examples.
#
# Comments: use '#' for comment lines and ';' for inline comments
#
# To avoid merges during upgrades DO NOT MODIFY THIS FILE
#
and rather provide your changes in /etc/fail2ban/jail.local
#
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
As a result, I only put active jails in jail.local
Code:
[custom]
### 2018-06-04
enabled = true
port = any
filter = myfilter
action = iptables-allports[name=custom, port="any", protocol=tcp]
logpath = /var/log/nginx/access.log
backend = polling
maxretry = 2
findtime = 300
bantime = 86,400