fail2ban封IP之Http

4.激活fail2ban的规则
从测试结果可以看出, 恶意攻击节点的IP地址和攻击时间都能够正确发现, 因此可以进一步修改fail2ban的配置文件激活上述规则.
下面是我的/etc/fail2ban/jail.local配置文件内容:

[tomcat]  
enabled = true 
port = http,https  
filter = tomcat 
action = iptables[name=tomcat, port=8080, protocol=tcp]   
         sendmail-whois[name=tomcat, dest=abc@mail.com]  
maxretry = 2 
logpath = /opt/tomcat5/logs/localhost_access_log.txt  
bantime  = 1800 

5.测试效果
生成2个错误的链接,查看fail2ban日志 如下：

2010-09-10 18:33:30,156 fail2ban.actions.action: INFO   Set actionStart = printf %b "Subject: [Fail2Ban] : started  
From: Fail2Ban <> 
To: \n  
Hi,\n  
The jail  has been started successfully.\n  
Regards,\n  
Fail2Ban" | /usr/sbin/sendmail -f    
2010-09-10 18:33:30,157 fail2ban.actions.action: INFO   Set actionUnban =   
2010-09-10 18:33:30,158 fail2ban.actions.action: INFO   Set actionCheck =   
2010-09-10 18:33:31,546 fail2ban.actions: WARNING [tomcat] Ban 192.168.32.41 

并查看管理员邮箱 ,已经收到邮件了,内容大概如下：

Hi,  
 
The IP 192.168.32.41 has just been banned by Fail2Ban after  
4 attempts against tomcat.  
 
 
Here are more information about 192.168.32.41:  
 
[Querying whois.arin.net]  
[whois.arin.net]  
#  
# Query terms are ambiguous.  The query is assumed to be:  
#     "n 192.168.32.41"  
#  
# Use "?" to get help.  

6.写完收工.
上面只是根据我的需求,写的一点东西,其他很功能大家自己可以去研究 .

凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务，公司网站：http://www.lingzhong.cn 为了给广大客户了解更多的技术信息，本技术文章收集来源于网络,凌众科技尊重文章作者的版权，如果有涉及你的版权有必要删除你的文章，请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!