Tag: Fail2ban
Centos fail2ban error
18/08/2014
With the latest version of Fail2ban I got this error on some Centos servers that Fail2ban would not start anymore.
This is the quick fix:
Add to your jail.conf:
|
1 2 3 |
[DEFAULT] backend=gamin |
Found the above solution here: https://github.com/fail2ban/fail2ban/issues/44
Fail2ban and wordpress
25/07/2014
If you use fail2ban on your server and you are running WordPress you could use this plugin:
https://wordpress.org/plugins/wp-fail2ban/
“WP fail2ban logs all login attempts, whether successful or not, to syslog using LOG_AUTH.”
So now when kiddies try to “hack” your login page, Fail2Ban will kick in and do its job.
wordpress.conf:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# Fail2Ban configuration file # # Author: Charles Lecklider # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = wordpress # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = |
WP fail2ban plugin:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
<?php /* Plugin Name: WP fail2ban Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/ Description: Write all login attempts to syslog for integration with fail2ban. Version: 1.2.1 Author: Charles Lecklider Author URI: https://charles.lecklider.org/ License: GPL2 */ /* Copyright 2012-13 Charles Lecklider (email : wordpress@charles.lecklider.org) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ add_action( 'wp_login', function($user_login, $user) { openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH); syslog(LOG_INFO,"Accepted password for $user_login from {$_SERVER['REMOTE_ADDR']}"); },10,2); add_action( 'wp_login_failed', function($username) { openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH); syslog(LOG_NOTICE,"Authentication failure for $username from {$_SERVER['REMOTE_ADDR']}"); }); |