сервис_fail2ban [2024/05/10 07:28] val [Блокировка через iptables] |
сервис_fail2ban [2025/10/20 12:00] (current) val [Мониторинг и управление] |
| Line 14: | Line 14: | ||
| # apt install fail2ban | # apt install fail2ban | ||
| - | ubuntu24# wget https://launchpad.net/ubuntu/+source/fail2ban/1.1.0-1/+build/28291332/+files/fail2ban_1.1.0-1_all.deb | + | ubuntu24# ###wget https://launchpad.net/ubuntu/+source/fail2ban/1.1.0-1/+build/28291332/+files/fail2ban_1.1.0-1_all.deb |
| - | ubuntu24# dpkg -i fail2ban_1.1.0-1_all.deb | + | ubuntu24# ###dpkg -i fail2ban_1.1.0-1_all.deb |
| </code> | </code> | ||
| Line 35: | Line 35: | ||
| [sshd] | [sshd] | ||
| maxretry = 6 | maxretry = 6 | ||
| + | #port = 2222 | ||
| #ignoreip = 192.168.X.0/24 192.168.100+X.0/24 | #ignoreip = 192.168.X.0/24 192.168.100+X.0/24 | ||
| Line 43: | Line 44: | ||
| #action = iptables-allports[blocktype=DROP] | #action = iptables-allports[blocktype=DROP] | ||
| #action = route[blocktype=blackhole] | #action = route[blocktype=blackhole] | ||
| + | |||
| + | #https://github.com/fail2ban/fail2ban/discussions/3836|Asterisk 20.6 on Ubuntu 24.04: Fail2Ban not working | ||
| + | #backend = auto | ||
| + | #logpath = /var/log/asterisk/messages.log | ||
| </code> | </code> | ||
| Line 58: | Line 63: | ||
| # fail2ban-client status asterisk | # fail2ban-client status asterisk | ||
| + | |||
| + | # iptables-save | ||
| + | # nft list ruleset | ||
| # fail2ban-client set asterisk unbanip 172.16.1.150 | # fail2ban-client set asterisk unbanip 172.16.1.150 | ||
| Line 97: | Line 105: | ||
| * [[https://github.com/frankiejol/snortban|frankiejol/snortban]] | * [[https://github.com/frankiejol/snortban|frankiejol/snortban]] | ||
| + | * Сервис SNORT [[Сервис SNORT#Копирование alert_unified2 в syslog]] | ||
| <code> | <code> | ||
| Line 108: | Line 117: | ||
| logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
| #action = mail-admin | #action = mail-admin | ||
| + | #action = iptables-allports | ||
| #action = iptables-allports-forward | #action = iptables-allports-forward | ||
| #action = cisco-acl | #action = cisco-acl | ||
| Line 117: | Line 127: | ||
| failregex = .*snort.*Priority: 1.*} <HOST>.* | failregex = .*snort.*Priority: 1.*} <HOST>.* | ||
| # .*snort.*Priority: 2.*} <HOST>.* | # .*snort.*Priority: 2.*} <HOST>.* | ||
| + | |||
| + | #failregex = .*Original Client IP: <HOST>.* | ||
| </code> | </code> | ||
| Line 196: | Line 208: | ||
| #!/bin/sh | #!/bin/sh | ||
| - | cat > /root/firewall.acl <<EOF | + | cat > /srv/tftp/firewall.acl <<EOF |
| no ip access-list extended ACL_FIREWALL | no ip access-list extended ACL_FIREWALL | ||
| ip access-list extended ACL_FIREWALL | ip access-list extended ACL_FIREWALL | ||
| EOF | EOF | ||
| - | /root/cisco-acl-deny.sh >> /root/firewall.acl | + | /root/cisco-acl-deny.sh >> /srv/tftp/firewall.acl |
| - | cat /root/cisco-acl-permit.txt >> /root/firewall.acl | + | cat /root/cisco-acl-permit.txt >> /srv/tftp/firewall.acl |
| - | /usr/bin/rcp /root/firewall.acl router:running-config | + | #/usr/bin/rcp /srv/tftp/firewall.acl router:running-config |
| + | #/usr/bin/snmpset -c write -v2c router .1.3.6.1.4.1.9.2.1.53.192.168.X.10 string "firewall.acl" | ||
| </code><code> | </code><code> | ||
| # cat /etc/fail2ban/action.d/cisco-acl.conf | # cat /etc/fail2ban/action.d/cisco-acl.conf | ||
| Line 218: | Line 231: | ||
| </code> | </code> | ||
| + | * [[#Запуск и отладка]] | ||
| ===== Отладка собственных фильтров ===== | ===== Отладка собственных фильтров ===== | ||
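Review bot: In the Line 196 hunk the generated ACL now lands in /srv/tftp/firewall.acl and the (commented-out) `#/usr/bin/snmpset -c write -v2c router .1.3.6.1.4.1.9.2.1.53.192.168.X.10 string "firewall.acl"` line makes the router pull it over TFTP, so the whole path — the SNMPv2c community string, the TFTP transfer and the ACL body — travels in cleartext with no authentication, and anyone who can sniff the management segment or answer the router's TFTP request in place of 192.168.X.10 can read the ban list or replace ACL_FIREWALL on the router (the old `rcp ... router:running-config` line, kept but commented out, has the same weakness). The OID looks like Cisco's legacy hostConfigSet, which loads a file from a TFTP server straight into running-config; that is worth confirming and stating on the page, because a reader may not realise this line rewrites live router configuration rather than just copying a file. Since the script appears to be run automatically from action.d/cisco-acl.conf, a caveat above the push line would help, e.g. `# WARNING: TFTP and SNMPv2c are unauthenticated and cleartext - restrict both to the router's IP on this host and never reuse the example community "write" in production`, with a pointer to SNMPv3 authPriv (or an SSH/SCP-based push) as the production choice. The placeholder community string is also a good candidate for being replaced by something obviously non-literal, so it is not copied as-is.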