Nginx + fail2ban 提高安全性

通过Nginx做web server时，发现error.log中有很多连接尝试，这个时候fail2ban可以比较好的对付这些爬虫，探测程序等。

1. Policy配置

# Install fail2ban
sudo apt-get install fail2ban

# Copy jail.conf at /etc/fail2ban/jail.local and edit it.

[nginx-noscript]

enabled = true
port = http,https
filter = nginx-noscript
logpath = /usr/local/nginx-1.8.0/logs/error.log
maxretry = 1
findtime = 60
bantime = 7200

# Create /etc/fail2ban/filter.d/nginx-noscript.conf

[Definition]

failregex = ^.*(.*\.php).*failed.*client: 
  
  
   
   ,.*"$

ignoreregex =


# To block php script attack.

# Restart fail2ban service
sudo service fail2ban restart

# fail2ban Logs
/var/log/fail2ban.log

# Debug filter
fail2ban-regex /usr/local/nginx-1.8.0/logs/error.log /etc/fail2ban/filter.d/nginx-noscript.conf

# List all rule in iptables
sudo iptables -L --line-numbers

# Remove some rule added by fail2ban, n is rule id.
sudo iptables -D fail2ban-nginx-noscript n

  
  

2. 查找分析Log

因为fail2ban会定期备份日志，所以需要查看IP地址时需要对所有的log进行查找，可以用zgrep 

        zgrep -c 210.213. /var/log/fail2ban.

3. 配置文件

     /etc/fail2ban/fail2ban.

4. Log rotate 配置  /etc/logrotate.d/fail2ban

  1 /var/log/fail2ban.log {
  2    
  3     weekly
  4     rotate 4
  5     compress
  6 
  7     delaycompress
  8     missingok
  9     postrotate
 10     fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
 11     endscript
 12 
 13     # If fail2ban runs as non-root it still needs to have write access
 14     # to logfiles.
 15     # create 640 fail2ban adm
 16     create 640 root adm
 17 }

5. Permanently Ban Repeat Offenders With Fail2Ban

https://wireflare.com/permanently-ban-repeat-offenders-with-fail2ban/