User Tools
сервис_fail2ban
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_fail2ban [2022/03/15 13:08] val [Интеграция fail2ban и snort] |
сервис_fail2ban [2024/05/11 15:47] (current) val [Интеграция fail2ban и snort] |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| * [[https://help.ubuntu.com/community/Fail2ban|Fail2ban]] | * [[https://help.ubuntu.com/community/Fail2ban|Fail2ban]] | ||
| + | * [[https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/2055114|fail2ban is broken in 24.04 Noble]] | ||
| <code> | <code> | ||
| debian11# apt install iptables | debian11# apt install iptables | ||
| + | debian12# apt install iptables rsyslog | ||
| # apt install fail2ban | # apt install fail2ban | ||
| + | |||
| + | ubuntu24# wget https://launchpad.net/ubuntu/+source/fail2ban/1.1.0-1/+build/28291332/+files/fail2ban_1.1.0-1_all.deb | ||
| + | ubuntu24# dpkg -i fail2ban_1.1.0-1_all.deb | ||
| </code> | </code> | ||
| Line 30: | Line 35: | ||
| [sshd] | [sshd] | ||
| maxretry = 6 | maxretry = 6 | ||
| + | #ignoreip = 192.168.X.0/24 192.168.100+X.0/24 | ||
| [asterisk] | [asterisk] | ||
| enabled = true | enabled = true | ||
| maxretry = 3 | maxretry = 3 | ||
| + | #bantime = 30d | ||
| + | #action = iptables-allports[blocktype=DROP] | ||
| + | #action = route[blocktype=blackhole] | ||
| </code> | </code> | ||
| Line 88: | Line 97: | ||
| * [[https://github.com/frankiejol/snortban|frankiejol/snortban]] | * [[https://github.com/frankiejol/snortban|frankiejol/snortban]] | ||
| + | * Сервис SNORT [[Сервис SNORT#Копирование alert_unified2 в syslog]] | ||
| <code> | <code> | ||
| Line 99: | Line 109: | ||
| logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
| #action = mail-admin | #action = mail-admin | ||
| + | #action = iptables-allports | ||
| #action = iptables-allports-forward | #action = iptables-allports-forward | ||
| #action = cisco-acl | #action = cisco-acl | ||
| Line 108: | Line 119: | ||
| failregex = .*snort.*Priority: 1.*} <HOST>.* | failregex = .*snort.*Priority: 1.*} <HOST>.* | ||
| # .*snort.*Priority: 2.*} <HOST>.* | # .*snort.*Priority: 2.*} <HOST>.* | ||
| + | |||
| + | #failregex = .*Original Client IP: <HOST>.* | ||
| </code> | </code> | ||
| Line 132: | Line 145: | ||
| dest = student | dest = student | ||
| </code> | </code> | ||
| + | |||
| + | * [[#Запуск и отладка]] | ||
| ==== Блокировка через iptables ==== | ==== Блокировка через iptables ==== | ||
| Line 153: | Line 168: | ||
| </code> | </code> | ||
| + | * [[#Запуск и отладка]] | ||
| ==== Блокировка через cisco acl ==== | ==== Блокировка через cisco acl ==== | ||
| Line 206: | Line 222: | ||
| </code> | </code> | ||
| + | * [[#Запуск и отладка]] | ||
| ===== Отладка собственных фильтров ===== | ===== Отладка собственных фильтров ===== | ||
сервис_fail2ban.1647338880.txt.gz · Last modified: 2022/03/15 13:08 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
