Hi John,

FWIW: I've squelched my current issue with an awk command in a relatively simple bash script:

    #!/usr/bin/env bash
    #
    # Flatten the bracketed error_log fields into "|"-separated columns, then
    # ban the client of every AH01630 (client denied by server configuration) line.
    stdbuf -i0 -o0 -e0 tail -F /var/log/httpd/error_log | stdbuf -i0 -o0 -e0 sed 's/] \[/|/g;s/\[/|/g;s/\]/|/g' | stdbuf -i0 -o0 -e0 awk -F '|' '/AH01630/ { match($5, /^client (.*):/, ip); print "banning " ip[1]; system("apf -d " ip[1] " banned wp hacker") }'

This may need some tweaking, but to replicate that in Fail2ban I'd probably do something like this:

Create /etc/fail2ban/filter.d/httpd-ah01630.conf with this in it:

--------------------------------------------------------------
[Definition]
failregex = AH01630: client <HOST> (rejected|denied) by server configuration
ignoreregex =
--------------------------------------------------------------

Create /etc/fail2ban/jail.d/httpd-ah01630.conf with this in it:

--------------------------------------------------------------
[httpd-ah01630]
enabled = true
port = 80,81,443,444
filter = httpd-ah01630
logpath = /var/log/httpd/error_log
--------------------------------------------------------------

Then "systemctl restart fail2ban" to make this active and do some testing to see if it works.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
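The IP extraction from the awk pipeline above, reworked as an added bash example (not from Michael's message or from BlueOnyx): it parses the "[client ADDR:PORT]" field of a constructed Apache 2.4 error_log line, keeps IPv6 addresses intact by splitting on the last colon only, and validates the result before it could be handed to a ban command such as apf.

```bash
#!/usr/bin/env bash
# Added example: pull the client address out of AH01630 error_log lines and
# sanity-check it before it reaches any ban tool. Sample lines are constructed
# in the Apache 2.4 error_log layout the original pipeline expects.

SAMPLE_V4='[Tue Nov 05 10:11:12.123456 2019] [authz_core:error] [pid 1234:tid 5678] [client 203.0.113.7:51234] AH01630: client denied by server configuration: /var/www/html/wp-login.php'
SAMPLE_V6='[Tue Nov 05 10:11:13.000000 2019] [authz_core:error] [pid 1234] [client 2001:db8::1:40000] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php'
SAMPLE_OTHER='[Tue Nov 05 10:11:14.000000 2019] [core:error] [pid 1234] [client 198.51.100.9:40001] AH00135: Invalid method in request'

# ah01630_client_ip LINE -> prints the client address of an AH01630 event,
# returns 1 (prints nothing) for any other line. The "[client ADDR:PORT]"
# field is split on its LAST colon so IPv6 literals survive.
ah01630_client_ip() {
    local line=$1 field addr
    case $line in *'AH01630:'*) ;; *) return 1 ;; esac
    field=${line##*'[client '}      # drop everything up to "[client "
    field=${field%%']'*}            # keep up to the closing bracket
    addr=${field%:*}                # strip ":PORT" (last colon only)
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# valid_ip ADDR -> 0 if ADDR consists only of IPv4/IPv6 literal characters.
# Anything else (including shell metacharacters) is rejected, so a value
# taken from a log line is never interpolated into a command unchecked.
valid_ip() {
    case $1 in
        ''|*[!0-9a-fA-F:.]*) return 1 ;;
    esac
    return 0
}

# Stream mode: pipe "tail -F /var/log/httpd/error_log" into this script
# with --stream; replace the printf with the real ban command (e.g. apf -d).
if [ "${1:-}" = "--stream" ]; then
    while IFS= read -r line; do
        if addr=$(ah01630_client_ip "$line") && valid_ip "$addr"; then
            printf 'would ban %s\n' "$addr"
        fi
    done
fi
```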