今天我在我的 ubuntu 服务器中安装了 fail2ban。在此之后,我必须添加以下 .conf 我在 githunb 上的 fail2ban:/etc/config/filter.d/lighttpd.conf
# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module
#
[Definition]
failregex = ^: \(http_auth\.c\.\d+\) (password doesn\'t match .* username: .*|digest: auth failed for .*: wrong password|get_password failed), IP: <HOST>\s*$
ignoreregex =
# Author: Francois Boulogne <fboulogne@april.org>
在此之后,我在我的 Jail.conf 中添加了以下几行:
[lighttpd-auth]
enabled = false
filter = lighttpd-auth
action = iptables[name=lighttpd-auth, port="http,https"]
# adapt the following two items as needed
logpath = /var/log/lighttpd/error.log
maxretry = 2
现在我遇到了以下问题,fail2ban 可以找到错误的登录名,但无法禁止攻击者 IP -.- 这是我的 file2ban.log 中的行
2013-11-05 18:23:24,710 fail2ban.actions.action: ERROR iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,747 fail2ban.actions: WARNING [lighttpd-auth] Ban 9.999.999.99
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,750 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2013-11-05 18:23:59,756 fail2ban.actions.action: ERROR iptables -N fail2ban-lighttpd-auth
iptables -A fail2ban-lighttpd-auth -j RETURN
iptables -I INPUT -p tcp --dport http,https -j fail2ban-lighttpd-auth returned 200
2013-11-05 18:23:59,758 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-lighttpd-auth returned 100
2013-11-05 18:23:59,758 fail2ban.actions.action: CRITICAL Unable to restore environment
2013-11-05 18:24:01,760 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:02,762 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
2013-11-05 18:24:04,764 fail2ban.actions: WARNING [lighttpd-auth] 9.999.999.99 already banned
谁能帮我?