fail2ban

Fail2ban jail for specific url doesn't work with Cloudflare

烂漫一生 submitted on 2021-01-29 20:08:53
Question: This is a continuation of a previous question regarding creating a jail for a specific url. It bans the Cloudflare IP and not that of the user. I've followed this guide to set up the Cloudflare filter, but am having issues. Jail.local looks like this... [apache-specific-url] enabled = true port = http,https filter = apache-specific-url action = cloudflare iptables-allports logpath = %(apache_access_log)s bantime = 48h maxretry = 1 actions.d/cloudflare.conf This is the cloudflare.conf that came

Setup Fail2ban for a specific url

萝らか妹 submitted on 2021-01-29 10:30:29
Question: For shits and giggles I created a small honeypot php script. If it is called from a webpage, I want to simply put the IP address in jail. I created a filter that looks like this filename: apache-specific-url.conf [INCLUDES] before = apache-common.conf [Definition] failregex = ^<HOST> -.*"(GET|POST).*\/sshlogin.php\/.*$ ignoreregex = I've also put the following into my jail.local [apache-specific-url] enabled = true port = http,https filter = apache-specific-url logpath = %(apache_access_log)s

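13 Useful Linux Tools

狂风中的少年 submitted on 2020-10-28 09:49:54
Original link: http://suo.im/6wYSYy Author: 对World说Hello. This article introduces several useful Linux tools, in the hope that they help. 1. Viewing per-process bandwidth usage: Nethogs. Nethogs is a terminal-based network traffic monitoring tool that shows the bandwidth used by each process at a glance. 2. Disk read performance testing: IOZone. IOZone is a Linux file system performance testing tool that can test file system read/write performance on different operating systems. Download: http://www.iozone.org/src/current/ [root] # tar xvf iozone3_420.tar [root] # cd iozone3_420/src/current/ [root] # make linux [root] # ./iozone -a -n 512m -g 16g -i 0 -i 1 -i 5 -f /mnt/iozone -Rb ./iozone.xls -a uses fully automatic mode. -n sets the minimum file size (Kbytes) for automatic mode. -g sets the maximum file size (Kbytes) that automatic mode may use. -i specifies which test to run. -f specifies the name of the test file, which is deleted automatically on completion. -R generates Excel output on standard output. -b writes the output to the specified file. 3. Real-time disk I/O monitoring: IOTop. The IOTop command is a command dedicated to displaying disk I/O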

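Linux Server Security That Every Linux Ops Engineer Must Know

偶尔善良 submitted on 2020-08-13 15:52:38
1. Update the system regularly. Keeping software updated to the latest version is generally a necessary security precaution on any operating system. Updates range from critical vulnerability patches to minor bug fixes, and many vulnerabilities have in fact already been fixed by the time they are disclosed. 2. Automatic security updates. You can tune the server's automatic update settings. An article on the Fedora Wiki examines automatic updates in depth and notes that restricting automatic updates to security updates keeps the risk of automatic updating to a minimum. Of course, whether to enable automatic updates is your decision, because it depends on what work you will be doing on the server. Automatic updates apply only to packages from repositories, not to programs you compiled yourself. You will need a test environment that matches production, and you must confirm there that everything works before the final deployment. · CentOS uses yum-cron for automatic updates. · Debian and Ubuntu use unattended upgrades. · Fedora uses dnf-automatic. 3. Add a limited user account. We assume you have logged in to the server as root. At this point you hold the highest privileges on the server, and one careless mistake can bring it down. So you should have a limited account rather than using the root account all the time. This does not make your work much harder, because you can use sudo to perform any operation you need. Some distributions may not include sudo by default, but you can still find it in the package repositories. If the message you get is sudo:command not found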

optimise server operations with elasticsearch : addressing low disk watermarks

只愿长相守 submitted on 2020-05-17 03:01:34
Question: EDITED - Based on comments of @opster elasticsearch ninja, I edited original question to keep it focused on low disk watermarks error for ES. For more general server optimization on small machine, see: Debugging Elasticsearch and tuning on small server, single node For original follow up on the original question and considerations related to debugging ES failures, also: https://chat.stackoverflow.com/rooms/213776/discussion-between-opster-elasticsearch-ninja-and-user305883 Problem : I noticed

optimise server operations with elasticsearch : addressing low disk watermarks

ⅰ亾dé卋堺 submitted on 2020-05-17 03:01:31
Question: EDITED - Based on comments of @opster elasticsearch ninja, I edited original question to keep it focused on low disk watermarks error for ES. For more general server optimization on small machine, see: Debugging Elasticsearch and tuning on small server, single node For original follow up on the original question and considerations related to debugging ES failures, also: https://chat.stackoverflow.com/rooms/213776/discussion-between-opster-elasticsearch-ninja-and-user305883 Problem : I noticed

Deploying FreeSWITCH with Docker

别来无恙 submitted on 2020-05-07 13:20:37
Preface: Deploying FreeSWITCH on Linux is fairly troublesome; deploying it with Docker is comparatively convenient and easier to operate. The deployment steps for the official project are detailed below. The container exposes the following ports: 5060/tcp, 5060/udp, 5080/tcp and 5080/udp as SIP signaling ports. 5066/tcp and 7443/tcp as WebSocket signaling ports. 8021/tcp as the event socket port. 64535-65535/udp as media ports. Deployment steps 1. Clone the git repository. Run the command git clone https://github.com/BetterVoice/freeswitch-container.git to get a folder named freeswitch-container # Jenkins. FROM ubuntu:16.04 MAINTAINER Thomas Quintana <thomas@bettervoice.com> # Enable the Ubuntu multiverse repository. RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ trusty multiverse" >> /etc/apt/source.list RUN echo "deb-src http://us.archive.ubuntu.com/ubuntu/

Confused about fail2ban behavior with firewallD in Centos 7

喜你入骨 submitted on 2020-02-25 05:43:28
Question: I was using fail2ban/iptables in a Centos 6 server. I moved to Centos 7 and now I am using fail2ban/firewallD (installed by Webmin/Virtualmin with their defaults) These are cat /var/log/maillog | grep "disconnect from unknown" screen shots cat /var/log/fail2ban.log | grep Ban only displays 2019-10-27 16:52:22,975 fail2ban.actions [8792]: NOTICE [proftpd] Ban 111.225.204.32 Furthermore tailf /var/log/fail2ban.log displays several "already banned" of the same IP. In this case fail2ban, after

how to specify multiple log files pattern in fail2ban jail?

拥有回忆 submitted on 2020-01-16 18:23:40
Question: I have log files on my server as follows vpn_20191007.log vpn_20191008.log vpn_20191009.log vpn_20191010.log vpn_20191011.log vpn_20191012.log vpn_20191013.log vpn_20191014.log vpn_20191015.log vpn_20191016.log Is it possible to add log files pattern in fail2ban jail config? [application] enabled = false filter = example action = iptables logpath = /var/log/vpn_%D.log maxretry = 1 Answer 1: Well, conditionally it is possible... Although wildcards are basically allowed at the moment, so : logpath =