Differences

This shows you the differences between two versions of the page.

--- сервис_fail2ban [2024/05/10 07:29]
val [Блокировка через cisco acl]
+++ сервис_fail2ban [2024/12/28 11:55] (current)
val [Настройка]
@@ Line 35: / Line 35: @@
 [sshd]
 maxretry = 6
+#port = 2222
 #ignoreip = 192.168.X.0/24 192.168.100+X.0/24
@@ Line 97: / Line 98: @@
   * [[https://github.com/frankiejol/snortban|frankiejol/snortban]]
+  * Сервис SNORT [[Сервис SNORT#Копирование alert_unified2 в syslog]]
 <code>
@@ Line 108: / Line 110: @@
 logpath     = /var/log/auth.log
 #action      = mail-admin
+#action      = iptables-allports
 #action      = iptables-allports-forward
 #action      = cisco-acl
@@ Line 117: / Line 120: @@
 failregex = .*snort.*Priority: 1.*} <HOST>.*
 #        .*snort.*Priority: 2.*} <HOST>.*
+#failregex = .*Original Client IP: <HOST>.*
 </code>
@@ Line 196: / Line 201: @@
 #!/bin/sh
-cat > /root/firewall.acl <<EOF
+cat > /srv/tftp/firewall.acl <<EOF
 no ip access-list extended ACL_FIREWALL
 ip access-list extended ACL_FIREWALL
 EOF
-/root/cisco-acl-deny.sh >> /root/firewall.acl
+/root/cisco-acl-deny.sh >> /srv/tftp/firewall.acl
-cat /root/cisco-acl-permit.txt >> /root/firewall.acl
+cat /root/cisco-acl-permit.txt >> /srv/tftp/firewall.acl
-/usr/bin/rcp /root/firewall.acl router:running-config
+#/usr/bin/rcp /srv/tftp/firewall.acl router:running-config
+#/usr/bin/snmpset -c write -v2c router .1.3.6.1.4.1.9.2.1.53.192.168.X.10 string "firewall.acl"
 </code><code>
 # cat /etc/fail2ban/action.d/cisco-acl.conf

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools