/ Register

Want more timely Centmin Mod News Updates?
Become a Member

Security fail2ban for Centmin Mod + CSF Firewall / Cloudflare API

Discussion in 'System Administration' started by eva2000, May 12, 2017.

Tags:
Previous Thread Next Thread
Loading...
Page 7 of 10
  1. Sep 5, 2017 #121
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Do i need a better cleanup or it needs another fix?

    I just delete the /root/tools/centminmod-fail2ban folder and then i reinstall and i got:

    and

     
  2. Sep 5, 2017 #122
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    output for
    Code (Text):
    ls -lah /root/tools/centminmod-fail2ban
ls -lah /root/tools/centminmod-fail2ban/centos
     
  3. Sep 5, 2017 #123
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x

     
  4. Sep 5, 2017 #124
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
  5. Sep 5, 2017 #125
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    That one did the trick :)

    I got only:

    But it works :) Don't know if you want to do anything related to the above message ....

    Thank you !
     
  6. Sep 5, 2017 #126
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Is that the wrong syntax to remove an ip?

    Code:
    fail2ban-client set nginx-conn-limit unban 123.456.789.000
    the result is:

    But using this it works great:

    Just wondering :)
     
  7. Sep 5, 2017 #127
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    use the latter ;)
    should be fine
     
  8. Sep 7, 2017 #128
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    At jail.local i can see that:

    but on that path we have always access.log and error.log only.

    So there is no reason to use the * in front or at the back of "error" name...

    For me it will be better to use:

    Code:
    logpath = /usr/local/nginx/logs/access.log
          /usr/local/nginx/logs/error.log

    or just keep the direct link to error.log only if you want to check only this file...

    Can you please verify George and add that as default ?

    Thank you !
     
  9. Sep 7, 2017 #129
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    See Centmin Mod Configuration Files - CentminMod.com LEMP Nginx web stack for CentOS jail for main hostname's nginx vhost detects log file names different from normal vhost generated nginx vhosts.
    In fact fail2ban's jail for main vhost has incomplete path for
    Code (Text):
    logpath = /usr/local/nginx/logs/*error*.log

    there should be an additional path to account for /var/log/nginx/localhost.error.log i.e. /var/log/nginx/*.error.log

    so needs fixing just not the way you assumed :)

    edit: updated fail2ban jails for missing default main vhost logpaths add missing logpath for default main vhost · centminmod/centminmod-fail2ban@4144fbe · GitHub

    so jails pick up the /var/log/nginx paths now
    Code (Text):
    ---------------------------------------
nginx-req-limit-main parameters:
maxretry: 5 findtime: 600 bantime: 7200
allow rate: 576 hits/day
filter last modified: Thu Sep  7 01:28:08 UTC 2017
Status for the jail: nginx-req-limit-main
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/log/nginx/localhost.error.log /usr/local/nginx/logs/error.log /var/log/nginx/localhost_ssl.error.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:

    Code (Text):
    ---------------------------------------
wordpress-auth parameters:
maxretry: 3 findtime: 60 bantime: 600
allow rate: 2880 hits/day
filter last modified: Thu Sep  7 01:28:17 UTC 2017
Status for the jail: wordpress-auth
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /usr/local/nginx/logs/access.log /var/log/nginx/localhost.access.log /var/log/nginx/localhost_ssl.access.log /home/nginx/domains/demodomain.com/log/access.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
     
    Last edited: Sep 7, 2017
  10. Sep 7, 2017 #130
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    The above are correct but only for the path:
    But I am talking for the path:
    If you check any of your servers you will see that there are only:

    So we can point to them directly without any *
     
  11. Sep 7, 2017 #131
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    I see what you mean. For now should be fine.
     
  12. Sep 7, 2017 #132
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    actually it's already done for where it counts for vhost logs i.e.

    /home/nginx/domains/*/log/access.log

    for /usr/local/nginx/logs/ there's other logs that can go in there but it was for /var/log/nginx really the wildcards as they're prefixed with localhost. and phpmyadmin logs have local_ssl. prefix too i.e. /var/log/nginx/localhost.access.log and /var/log/nginx/localhost_ssl.access.log
     
  13. Sep 7, 2017 #133
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    That's a nice fix but i think is better to do this:

    Code:
    logpath = /home/nginx/domains/*/log/access.log
               /usr/local/nginx/logs/*access*.log
               /var/log/nginx/*.access.log

    change to:

    Code:
    logpath = /home/nginx/domains/*/log/access.log
               /home/nginx/domains/*/log/error.log
               /usr/local/nginx/logs/access.log
               /usr/local/nginx/logs/error.log
              /var/log/nginx/*.access.log
             /var/log/nginx/*.error.log
    Don't know if all entries needed but i think that's better format to use.....

    What do you think?
     
  14. Sep 7, 2017 #134
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    no you do not need all error and access logs, only what the specific fail2ban jail needs to read whether it's access or error log related.
     
  15. Sep 7, 2017 #135
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Ok then only that one can be a direct link:

    Code:
    /usr/local/nginx/logs/access.log
    As at that folder there will be always only the access.log and error.log and nothing related....

    and use the * at /var/log/nginx/ as needed there.... ?

    It's not an issue if you want to leave it as *access*.log as it will work but i think is not needed :)

    No problem do what you think is better :)
     
  16. Sep 7, 2017 #136
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    well yes technically for /usr/local/nginx/logs/*access*.log can be /usr/local/nginx/logs/access.log
     
  17. Sep 7, 2017 #137
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
  18. Sep 7, 2017 #138
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    No update function so i have to do the edits myself? :)
     
  19. Sep 7, 2017 #139
    eva2000

    eva2000 Administrator Staff Member

    50,869
    11,786
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,239
    Local Time:
    1:34 PM
    Nginx 1.25.x
    MariaDB 10.x
    re-running fail2ban.sh install will update everything
     
  20. Sep 7, 2017 #140
    pamamolf

    pamamolf Well-Known Member

    4,028
    421
    83
    May 31, 2014
    Ratings:
    +817
    Local Time:
    5:34 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    Ok two more fixes please :)
    Code:
     action = csfdeny[name=nginx-common]
 #action   = cloudflare
 logpath = /home/nginx/domains/*/log/access.log
                /usr/local/nginx/logs/access.log
               /var/log/nginx/*.access.log
              /var/log/nginx/localhost_ssl.access.log
    and
    That line is not needed on the above:

    as it is covered by the:

    Code:
    /var/log/nginx/*.access.log
    Thank you
     
Previous Thread Next Thread
Loading...
Page 7 of 10

.