Sep 2 2010

Protecting Apache (phpMyAdmin) against brute-force attacks

Log format in mod_ssl.conf:

CustomLog /var/log/httpd/ssl_request_log \
"%h %t %l %u %{userStatus}n %>s %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Log format in httpd.conf:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{userStatus}n" combined

Create the file /etc/fail2ban/filter.d/apache-mysql.conf:

[Definition]
failregex = <HOST>.* mysql-denied

Add the following lines to /etc/fail2ban/jail.conf:

[apache-mysql]
enabled  = true
filter   = apache-mysql
action   = hostsdeny
           iptables-multiport[name=apache-auth, port="80,443,3306", protocol=tcp]
           mail-whois[name=Apache-mysql, dest=root]
logpath  = /var/log/httpd/ssl_request_log
maxretry = 6

Restart fail2ban.
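
The filter and jail above can be checked offline before relying on them. The Python script below is an added example, not part of the original post: it applies the post's failregex to constructed log lines in both log formats and reports which hosts would reach maxretry = 6. The IPv4-only stand-in for <HOST>, the 600-second findtime, and all sample addresses and log lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile("<HOST>.* mysql-denied".replace("<HOST>", HOST))
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
MAXRETRY, FINDTIME = 6, 600  # maxretry from the jail; findtime (seconds) is assumed

def failures(lines):
    """Yield (host, timestamp) for each line the failregex matches."""
    for line in lines:
        hit, stamp = FAILREGEX.search(line), STAMP.search(line)
        if hit and stamp:
            when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
            yield hit.group("host"), when

def would_ban(lines):
    """Return hosts with MAXRETRY matches inside one FINDTIME window."""
    recent, banned = defaultdict(deque), []
    for host, when in failures(lines):
        window = recent[host]
        window.append(when)
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

def ssl_line(host, minute, status):
    # Constructed line in the ssl_request_log format from mod_ssl.conf.
    return (f"{host} [02/Sep/2010:10:{minute:02d}:00 +0200] - - {status} 200 "
            f'TLSv1 DHE-RSA-AES256-SHA "POST /phpmyadmin/index.php HTTP/1.1" 2512')

def combined_line(host, minute, status):
    # Constructed line in the combined format from httpd.conf.
    return (f"{host} - - [02/Sep/2010:10:{minute:02d}:00 +0200] "
            f'"POST /phpmyadmin/index.php HTTP/1.1" 200 2512 "-" "Mozilla/5.0" {status}')

# Constructed sample: one fast guesser, one slow guesser, one user who recovers.
SAMPLE = (
    [ssl_line("203.0.113.7", m, "mysql-denied") for m in range(6)]
    + [combined_line("198.51.100.9", m, "mysql-denied") for m in (0, 12, 24, 36, 48, 59)]
    + [ssl_line("192.0.2.4", m, "mysql-denied") for m in range(5)]
    + [ssl_line("192.0.2.4", 5, "ok")]
)

print(would_ban(SAMPLE))
```

Only the host with six denied logins inside one window is reported; the slow guesser stays under the threshold, which shows how much the result depends on findtime.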
