Details |
Last modification |
View Log
| RSS feed
| Rev |
Author |
Line No. |
Line |
| 3 |
- |
1 |
# Fail2Ban filter for suhosian PHP hardening
|
|
|
2 |
#
|
|
|
3 |
# This occurs with lighttpd or directly from the plugin
|
|
|
4 |
#
|
|
|
5 |
|
|
|
6 |
[INCLUDES]
|
|
|
7 |
|
|
|
8 |
# Read common prefixes. If any customizations available -- read them from
|
|
|
9 |
# common.local
|
|
|
10 |
before = common.conf
|
|
|
11 |
|
|
|
12 |
|
|
|
13 |
[Definition]
|
|
|
14 |
|
|
|
15 |
_daemon = (?:lighttpd|suhosin)
|
|
|
16 |
|
|
|
17 |
|
|
|
18 |
_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)
|
|
|
19 |
|
|
|
20 |
failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .* \(attacker '<HOST>', file '.*'(?:, line \d+)?\)$
|
|
|
21 |
|
|
|
22 |
ignoreregex =
|
|
|
23 |
|
|
|
24 |
# DEV Notes:
|
|
|
25 |
#
|
|
|
26 |
# https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161
|
|
|
27 |
#
|
|
|
28 |
# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
|