сервис_fail2ban [2020/11/18 14:25] val [Интеграция fail2ban и snort] |
сервис_fail2ban [2021/02/23 17:25] val [Блокировка через cisco acl] |
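--- a/сервис_fail2ban
+++ b/сервис_fail2ban
@@ -93,4 +93,5 @@
 maxretry = 1
 logpath = /var/log/auth.log
+#action = mail-admin
 #action = iptables-allports-forward
 #action = cisco-acl
@@ -102,3 +103,26 @@
 failregex = .*snort.*Priority: 1.*} <HOST>.*
 # .*snort.*Priority: 2.*} <HOST>.*
+</code>
+
+==== Уведомление по email ====
+<code>
+# cat /etc/fail2ban/action.d/mail-admin.conf
+</code><code>
+[Definition]
+
+actionban = printf %%b "Hi,\n
+Ban this <ip>
+Regards,\n
+Fail2Ban"|mail -s "[Fail2Ban] Ban <name> <ip>" <dest>
+
+actionunban = printf %%b "Hi,\n
+Unban this <ip>
+Regards,\n
+Fail2Ban"|mail -s "[Fail2Ban] Unban <name> <ip>" <dest>
+
+[Init]
+
+name = mail-admin
+
+dest = student
 </code>
@@ -171,2 +195,4 @@
 actionunban = /root/cisco-change-firewall.sh
+# if atack from DNS)
+#actionunban = echo /root/cisco-change-firewall.sh | at now + 1 min
 </code>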
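Review bot: The commented alternative `#actionunban = echo /root/cisco-change-firewall.sh | at now + 1 min` in the last hunk is explained only by `# if atack from DNS)`, which has a typo and a stray parenthesis and does not say what the one-minute delay is meant to achieve. If the concern is that a Snort alert can carry a source address belonging to infrastructure the site depends on (presumably its DNS server), listing those addresses in the jail's `ignoreip` is the more direct safeguard, and the comment should say which case the deferred unban covers, e.g. `# if alerts name the DNS server as source: add it to ignoreip; deferred variant below requires atd`. The `at` job also runs outside fail2ban, so a failure of the script will not appear in fail2ban's own log. Separately, in the second hunk the new `mail-admin` action only notifies; with `maxretry = 1` a jail that enables it alone would mail on every matching alert without blocking anything, which deserves a one-line remark next to `#action = mail-admin`.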