(可选)(实验性)Fail2ban集成Axigen

1
2

<login> user admin
<password> admin_password_which_will_be_showed_in_clear_text

1
2
3
4
5
6
7

<#> config server
<server#> config log
<server-log#> set enableSecurityLog yes
<server-log#> commit
<server#> commit
<#> save config
<#> quit

1

/etc/init.d/axigen restart

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

# Fail2Ban filter for axigen
#
# Revision: 2016040601
#
# If you want to protect Axigen from being bruteforced by password
# authentication then configure enableSecurityLog = yes in axigen.cfg
# and reload configuration.
#
# Log file: ${AXIGEN_WORK_DIR}/log/security.txt
# Log example: 2016-03-08 12:41:29 +0200 02 aximon SECURITY:PROXY_WEBMAIL;0002607C;82.36.25.70;61707;OP_FAIL;root@q.me;Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Firefox/45.0;Authentication error; Invalid password
#
#
# Notes:
# * Feature introduced by Axigen version 9.0
# * Axigen 9 default separator was ':'
# * Axigen 10 default separator switched to ';' (due to IPv6 address format)
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = axigen

failregex = ^%(__prefix_line)s.* SECURITY:[A-Z3_\-]+[:;][0-9A-F]+[:;]<HOST>[:;][0-9]+[:;]OP_FAIL[:;].*$

ignoreregex =

[Init]

# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10

1
2
3
4
5
6
7
8

[axigen]
enabled = true
backend = polling
logpath = /var/opt/axigen/log/security.txt
banaction = iptables-allports
maxretry = 10
findtime = 600
bantime = 600

1

systemctl restart fail2ban