alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: use pyinotify backend for nginx fail2ban jail

Browse Source 
This seems to be automatically selected, but on some other servers
I notice it is not. I will set it here explicitly so fail2ban does
not fall back to the inefficient "polling" or incorrect "systemd"
backends.
This commit is contained in:
Alan Orth 2022-01-04 15:10:02 +02:00
parent 68f0b85eb3
commit 0ffb1b1a36
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2
View File

@ -9,6 +9,7 @@ banaction=nftables[type=allports]
# Integrate with firewalld and ipsets # Integrate with firewalld and ipsets
banaction = firewallcmd-ipset banaction = firewallcmd-ipset
{% endif %} {% endif %}
backend = pyinotify
logpath = /var/log/nginx/*-access.log logpath = /var/log/nginx/*-access.log
# Try to find a non-existent wp-login.php once and get banned. Tough luck. # Try to find a non-existent wp-login.php once and get banned. Tough luck.
maxretry = 1 maxretry = 1