raine/etcprs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates to fail2ban configs
All checks were successful
Deploy / Check & Build (push) Successful in 1m18s
Details
Deploy / Deploy to Production (push) Successful in 1m13s
Details

Browse Source
This commit is contained in:
RaineAllDay
2026-03-18 20:57:17 -06:00
parent 8cba49618e
commit 8eb864192a
2 changed files with 38 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
scripts/fail2ban/etc-prs.conf
View File

@@ -8,45 +8,42 @@
# sudo fail2ban-client status nginx-scan # sudo fail2ban-client status nginx-scan
[DEFAULT] [DEFAULT]
# Ban IPs using UFW (already configured on this server)
banaction = ufw banaction = ufw
[nginx-scan] [nginx-scan]
enabled = true enabled = true
port = http,https port = http,https
filter = nginx-scan filter = nginx-scan
logpath = /var/log/nginx/access.log logpath = /var/log/nginx/access.log
# Ban after 10 errors in 30 seconds
# Ban if 20 errors in 60 seconds maxretry = 10
maxretry = 20 findtime = 30
findtime = 60 # Ban for 24 hours
bantime = 86400
# Ban for 1 hour
bantime = 3600
[nginx-badbots] [nginx-badbots]
enabled = true enabled = true
port = http,https port = http,https
filter = nginx-badbots filter = nginx-badbots
logpath = /var/log/nginx/access.log logpath = /var/log/nginx/access.log
maxretry = 2 maxretry = 2
findtime = 86400 findtime = 86400
bantime = 86400 bantime = 86400
[nginx-noscript] [nginx-noscript]
enabled = true enabled = true
port = http,https port = http,https
filter = nginx-noscript filter = nginx-noscript
logpath = /var/log/nginx/access.log logpath = /var/log/nginx/access.log
maxretry = 6 maxretry = 6
findtime = 60 findtime = 60
bantime = 3600 bantime = 86400
[sshd] [sshd]
enabled = true enabled = true
port = ssh port = ssh
filter = sshd filter = sshd
logpath = /var/log/auth.log logpath = /var/log/auth.log
maxretry = 5 maxretry = 5
findtime = 60 findtime = 60
bantime = 3600 bantime = 86400

14
scripts/fail2ban/nginx-scan.conf
View File

@@ -1,8 +1,10 @@
[Definition] [Definition]
# Match lines from nginx access log with 4xx/5xx responses # Matches Nginx combined log format:
# Nginx combined log format: # 1.2.3.4 - - [18/Mar/2026:09:45:00 +0000] "GET /path HTTP/1.1" 404 162 "-" "agent"
# 1.2.3.4 - - [18/Mar/2026:09:45:00 +0000] "GET /backend/config/default.yml HTTP/1.1" 404 ... #
failregex = ^<HOST> .+ "(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) .+ HTTP/\d\.\d" 40[0-9] .+$ # Triggers on 4xx responses (config probes, scanners, bad requests)
^<HOST> .+ "(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) .+ HTTP/\d\.\d" 5[0-9]{2} .+$ # 5xx excluded to avoid banning on legitimate server errors
ignoreregex = failregex = ^<HOST> - \S+ \[.*?\] "(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/\d\.\d" 4\d\d \d+
ignoreregex = ^<HOST> - \S+ \[.*?\] "\S+ \S+ HTTP/\d\.\d" 400 \d+.*"NTRIP