сервис_fail2ban [2020/03/04 10:05] val [Интеграция fail2ban и cisco log] |
сервис_fail2ban [2020/06/25 16:36] val [Интеграция fail2ban и snort] |
||
---|---|---|---|
Line 70: | Line 70: | ||
[Definition] | [Definition] | ||
- | failregex = <HOST>.*Configured from console.* | + | failregex = <HOST>.*Configured from.* |
</code><code> | </code><code> | ||
# cat /etc/fail2ban/action.d/cisco-backup-config.conf | # cat /etc/fail2ban/action.d/cisco-backup-config.conf | ||
Line 86: | Line 86: | ||
<code> | <code> | ||
- | # cat jail.d/snort_jail.conf | + | # cat /etc/fail2ban/jail.d/snort_jail.conf |
</code><code> | </code><code> | ||
[snort] | [snort] | ||
Line 97: | Line 97: | ||
#action = cisco-acl | #action = cisco-acl | ||
</code><code> | </code><code> | ||
- | # cat filter.d/snort_filter.conf | + | # cat /etc/fail2ban/filter.d/snort_filter.conf |
</code><code> | </code><code> | ||
[INCLUDES] | [INCLUDES] | ||
Line 133: | Line 133: | ||
permit tcp any host 192.168.X.10 eq 80 | permit tcp any host 192.168.X.10 eq 80 | ||
permit tcp any host 192.168.X.10 eq 22 | permit tcp any host 192.168.X.10 eq 22 | ||
- | permit icmp any 192.168.X.0 0.0.0.255 | + | permit icmp any 192.168.0.0 0.0.255.255 |
permit ip any host 172.16.1.X | permit ip any host 172.16.1.X | ||
permit udp any any | permit udp any any |
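Review bot: The icmp entry in the Line 133 hunk now permits every ICMP type from any source to all of 192.168.0.0/16, where it previously covered only 192.168.X.0/24, and the page gives no reason for the wider scope. If the intent is only ping and path diagnostics, name the types, e.g. `permit icmp any 192.168.0.0 0.0.255.255 echo` with matching `echo-reply`, `unreachable` and `time-exceeded` entries, or keep the `0.0.0.255` wildcard. The access list starts and ends outside the hunk, so whether an earlier deny already limits this traffic cannot be seen here. Separately, the Line 70 hunk loosens the filter to `failregex = <HOST>.*Configured from.*`, which is unanchored. Anchoring it to the start of the syslog line would presumably keep `<HOST>` bound to the reporting device rather than to any host-like token that precedes the message text.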