Sonntag, 19. Juni 2011

Apache: Ein kleiner Schutz vor Schwachstellen-Scannern

Ein kleiner Schutz vor Schwachstellen-Scannern wie w00tw00t.at.ISC.SANS.DFind:

# Debian/Ubuntu: install fail2ban from the package repository (run as root or via sudo).
apt-get install fail2ban


/etc/fail2ban/jail.conf

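#####
# HTTP
#####
# fail2ban jails that watch the Apache error logs.
# NOTE: fail2ban recommends keeping local jails in /etc/fail2ban/jail.local
# (or a file under jail.d/) so that package upgrades do not overwrite them.
# bantime and findtime are not set here, so the values from [DEFAULT] apply.

# Bans a client after 3 "File does not exist" entries in the error log.
# NOTE(review): three misses is a low threshold; broken links or crawlers can
# get legitimate clients banned. List trusted addresses in ignoreip under
# [DEFAULT] or raise maxretry if that happens.
[apache-404]
enabled = true
port = http,https
filter = apache-404
logpath = /var/log/apache*/*error.log
maxretry = 3

# Bans clients whose /w00tw00t... requests show up in the error log.
# filter must name filter.d/block_ww0twt.conf; with filter = apache-404 this
# jail would only duplicate the jail above and the w00tw00t filter would
# never be used.
[block_ww0twt]
enabled = true
port = http,https
filter = block_ww0twt
logpath = /var/log/apache*/*error.log
maxretry = 3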


/etc/fail2ban/filter.d/apache-404.conf

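# Fail2Ban configuration file
#
# License: GPL
# You are free to Use this on other Sites if you link back to this Site.
#
# Filter for the apache-404 jail: matches Apache "File does not exist"
# error-log entries so that repeated misses from one client can be counted.
#
[Definition]
# Option: failregex
# Notes.: regex to match the "File does not exist" messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# NOTE(review): the pattern targets the Apache 2.2 error-log format
# ("[client 192.0.2.1] File does not exist: ..."). Apache 2.4 appends the
# client port and an AH message code, so check the pattern against a real log
# with fail2ban-regex before relying on it.

failregex = [[]client (?P<host>\S*)[]] File does not exist: *

#

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Requests for favicon.ico and robots.txt are frequent and harmless, so a
# missing file of either name must not count as a failure. The dots are
# escaped so that only the literal file names match.
# Values: TEXT
#
ignoreregex = .*(robots\.txt|favicon\.ico)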


/etc/fail2ban/filter.d/block_ww0twt.conf

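# Fail2Ban configuration file
#
# License: GPL
# You are free to Use this on other Sites if you link back to this Site.
#
# Filter for the block_ww0twt jail: matches the error-log entry Apache writes
# when a request for /w00tw00t... arrives without a Host header.
#
[Definition]
# Option: failregex
# Notes.: regex to match the "client sent HTTP/1.1 request without hostname"
# message for /w00tw00t requests in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#

# Broader alternative (disabled): matches every HTTP/1.1 request without a
# Host header, not only the /w00tw00t ones.
#failregex = [[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname *
failregex = [[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname \(see RFC2616 section 14.23\): \/w00tw00t.*

#

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Carried over from the apache-404 filter (favicon.ico / robots.txt); it is
# not expected to match the lines this filter looks for. The dots are escaped
# so that only the literal file names match.
# Values: TEXT
#
ignoreregex = .*(robots\.txt|favicon\.ico)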






block_ww0twt_2.conf

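# Fail2Ban configuration file
#
# License: GPL
# You are free to Use this on other Sites if you link back to this Site.
#
# Filter for Apache "script ... not found or unable to stat" error-log entries.
# NOTE(review): no jail in the jail.conf excerpt on this page references this
# filter; it only takes effect once a jail sets filter = block_ww0twt_2
# (the file has to live in /etc/fail2ban/filter.d/).
#
[Definition]
# Option: failregex
# Notes.: regex to match the "script ... not found or unable to stat" messages
# in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#

# Disabled leftover from the w00tw00t filter (requests without a Host header).
#failregex = [[]client (?P<host>\S*)[]] client sent HTTP/1.1 request without hostname *
failregex = [[]client (?P<host>\S*)[]] script .* not found or unable to stat

#

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Requests for favicon.ico and robots.txt are frequent and harmless, so lines
# naming them must not count as a failure. The dots are escaped so that only
# the literal file names match.
# Values: TEXT
#
ignoreregex = .*(robots\.txt|favicon\.ico)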
