Comentarios en: Fail2ban rules for lighttpd fastcgi alerts http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html El blog de Buanzo y sus Secuaces Thu, 30 Jun 2011 18:50:28 +0000 hourly 1 http://wordpress.org/?v=3.2 Por: Home serveur : installation du serveur web | Univers Libre http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-2440 Home serveur : installation du serveur web | Univers Libre Sat, 08 May 2010 16:21:48 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-2440 [...] fail2ban, il ne gère pas nativement lighttpd. Mais ce n’est pas grave, un certain Buanzo a déjà écrit la regexp qui faut. Téléchargez le fichier puis placez le dans [...] [...] fail2ban, il ne gère pas nativement lighttpd. Mais ce n’est pas grave, un certain Buanzo a déjà écrit la regexp qui faut. Téléchargez le fichier puis placez le dans [...]

]]> Por: Gordon http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1751 Gordon Wed, 09 Dec 2009 06:17:23 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1751 No custom log is necessary - the IP of the user trying to log in unsuccessfully does appear in the normal error.log. At least it does in the version of lighttpd 1.4.22 found in Ubuntu 9.10. Example: 2009-12-09 00:50:37: (http_auth.c.875) password doesn't match for /folder/index.html myusername , IP:11.22.33.44 No custom log is necessary – the IP of the user trying to log in unsuccessfully does appear in the normal error.log. At least it does in the version of lighttpd 1.4.22 found in Ubuntu 9.10. Example:

2009-12-09 00:50:37: (http_auth.c.875) password doesn’t match for /folder/index.html myusername , IP:11.22.33.44

]]> Por: Buanzo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1684 Buanzo Thu, 12 Nov 2009 15:43:48 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1684 So you're Rodo's students? Great. :) Just mail me the regexes and I'll check them out and incorporate them into the project. So you’re Rodo’s students? Great. :) Just mail me the regexes and I’ll check them out and incorporate them into the project.

]]> Por: Bernardo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1683 Bernardo Thu, 12 Nov 2009 15:40:44 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1683 Hi! jeje ok, let's write in english then. We are a group of 3 people, which had already made the regex for lighttpd. Our professor is Rodolfo Pilas(he told us to tell you this, perhaps you know him) :-D. We can mail you and give the created regex in order to add this filter to the project. We have made 2 regex, one to check error.log and the other for acccess.log. Read you! berna Hi! jeje ok, let’s write in english then. We are a group of 3 people, which had already made the regex for lighttpd. Our professor is Rodolfo Pilas(he told us to tell you this, perhaps you know him) :-D .
We can mail you and give the created regex in order to add this filter to the project. We have made 2 regex, one to check error.log and the other for acccess.log.
Read you!

berna

]]> Por: Buanzo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1676 Buanzo Fri, 06 Nov 2009 13:58:39 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1676 Sadly, this particular post in my blog is in English. Bear with me and the rest of the world. :) Anyway, you could just write a lighttpd plugin or a custom log, then we could create a regex for that particular scenario. Have fun with the project. Sadly, this particular post in my blog is in English. Bear with me and the rest of the world. :)

Anyway, you could just write a lighttpd plugin or a custom log, then we could create a regex for that particular scenario.

Have fun with the project.

]]> Por: Bernardo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1675 Bernardo Fri, 06 Nov 2009 13:56:32 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1675 Si hablas español mejor! jeje no me había percatado que era argentina la página. La cosa es que el error.log no tienen ningún "ALERT" ni nada de lo que expresa la expresión regular. Idea de por qué puede ser? Lo que tiene la IP es el access.log que aunque falle, tiene la dirección desde donde se originó. Gracias por la respuesta!!! Estoy haciendo un proyecto y necesito configurar fail2ban para lighttpd. Bernardo Si hablas español mejor! jeje no me había percatado que era argentina la página. La cosa es que el error.log no tienen ningún “ALERT” ni nada de lo que expresa la expresión regular. Idea de por qué puede ser? Lo que tiene la IP es el access.log que aunque falle, tiene la dirección desde donde se originó.

Gracias por la respuesta!!!
Estoy haciendo un proyecto y necesito configurar fail2ban para lighttpd.

Bernardo

]]> Por: Buanzo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1674 Buanzo Fri, 06 Nov 2009 13:51:08 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1674 If no IP is included in the log, then nothing can be easily done. If no IP is included in the log, then nothing can be easily done.

]]> Por: Bernardo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1673 Bernardo Fri, 06 Nov 2009 13:48:16 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1673 I have the same problem that Gordon has. Any idea? I have the same problem that Gordon has. Any idea?

]]> Por: Bernardo http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1672 Bernardo Fri, 06 Nov 2009 03:18:46 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1672 I have the same problema as Gordon. Any idea? I have the same problema as Gordon. Any idea?

]]> Por: Gordon http://blogs.buanzo.com.ar/2009/01/fail2ban-rules-for-lighttpd-fastcgi-alerts.html/comment-page-1#comment-1148 Gordon Mon, 23 Feb 2009 05:16:59 +0000 http://blogs.buanzo.com.ar/?p=2146#comment-1148 Is it possible to block IP with fail2ban if invalid username or password tried too many times when using auth feature? I use auth.backend = plain for plain text password for simple directory password protection. Error in lighttpd error.log looks like this when username or password is wrong: 2009-02-23 00:02:41: (http_auth.c.859) get_password failed 2009-02-23 00:02:45: (http_auth.c.253) parsed error in /etc/lighttpd/plain.passwd expected 'username:hashed password' - thanks Is it possible to block IP with fail2ban if invalid username or password tried too many times when using auth feature? I use auth.backend = plain for plain text password for simple directory password protection. Error in lighttpd error.log looks like this when username or password is wrong:

2009-02-23 00:02:41: (http_auth.c.859) get_password failed
2009-02-23 00:02:45: (http_auth.c.253) parsed error in /etc/lighttpd/plain.passwd expected ‘username:hashed password’

- thanks

]]>