This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_fail2ban [2020/06/26 14:00] val [Интеграция fail2ban и snort] |
сервис_fail2ban [2020/09/16 13:07] val [Сервис Fail2ban] |
||
---|---|---|---|
Line 2: | Line 2: | ||
* [[https://thefragens.com/2010/11/checking-fail2ban-regex/|Checking Fail2ban regex]] | * [[https://thefragens.com/2010/11/checking-fail2ban-regex/|Checking Fail2ban regex]] | ||
+ | * [[https://forum.yunohost.org/t/fail2ban-high-cpu-usage/2439|Fail2ban high CPU usage]] | ||
===== Установка ===== | ===== Установка ===== | ||
Line 8: | Line 9: | ||
<code> | <code> | ||
# apt install fail2ban | # apt install fail2ban | ||
- | |||
- | # cd /etc/fail2ban/ | ||
</code> | </code> | ||
Line 15: | Line 14: | ||
<code> | <code> | ||
- | # cat jail.conf | + | # cat /etc/fail2ban/jail.conf |
+ | |||
+ | # ls /etc/fail2ban/jail.d/ | ||
- | # ls jail.d/ | + | # cat /etc/fail2ban/jail.d/defaults-debian.conf |
- | # cat filter.d/sshd.conf | + | # cat /etc/fail2ban/filter.d/sshd.conf |
- | # cat filter.d/asterisk.conf | + | # cat /etc/fail2ban/filter.d/asterisk.conf |
</code><code> | </code><code> | ||
- | # cat jail.local | + | # cat /etc/fail2ban/jail.local |
</code><code> | </code><code> | ||
[sshd] | [sshd] | ||
Line 30: | Line 31: | ||
[asterisk] | [asterisk] | ||
enabled = true | enabled = true | ||
- | maxretry = 3 | + | maxretry = 3 |
</code> | </code> | ||
Line 112: | Line 113: | ||
<code> | <code> | ||
- | # iptables -A FORWARD -j f2b-snort | + | # cp /etc/fail2ban/action.d/iptables-allports.conf /etc/fail2ban/action.d/iptables-allports-forward.conf |
+ | |||
+ | # cat /etc/fail2ban/action.d/iptables-allports-forward.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | before = iptables-common-forward.conf | ||
+ | ... | ||
+ | </code><code> | ||
+ | # cp /etc/fail2ban/action.d/iptables-common.conf /etc/fail2ban/action.d/iptables-common-forward.conf | ||
+ | |||
+ | # cat /etc/fail2ban/action.d/iptables-common-forward.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | chain = FORWARD | ||
+ | ... | ||
</code> | </code> | ||