сервис_fail2ban

Differences

сервис_fail2ban [2020/09/16 13:07]
val [Fail2ban service]
сервис_fail2ban [2022/05/20 13:25]
val [Configuration]
Line 8: Line 8:
  
 <​code>​ <​code>​
 +debian11# apt install iptables
 +
 # apt install fail2ban # apt install fail2ban
 </​code>​ </​code>​
Line 32: Line 34:
 enabled = true enabled = true
 maxretry = 3 maxretry = 3
 +#bantime = 30d
 +#action = iptables-allports[blocktype=DROP]
 </​code>​ </​code>​
  
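Review bot: the two added lines `#bantime = 30d` and `#action = iptables-allports[blocktype=DROP]` are commented out with nothing saying when to enable them. With `maxretry = 3` directly above, a 30-day ban on all ports can be triggered by three failed attempts from a legitimate address, so add a short comment on the intended use and a reminder to set `ignoreip` for management addresses before enabling them.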
Line 54: Line 58:
  
 ===== Интеграция fail2ban и cisco log ===== ===== Интеграция fail2ban и cisco log =====
 +
 +  * Резервное копирование конфигурации
 +
 <​code>​ <​code>​
 # cat /​etc/​fail2ban/​jail.d/​cisco-change-config.conf # cat /​etc/​fail2ban/​jail.d/​cisco-change-config.conf
Line 67: Line 74:
 # cat /​etc/​fail2ban/​filter.d/​cisco-change-config.conf # cat /​etc/​fail2ban/​filter.d/​cisco-change-config.conf
 </​code><​code>​ </​code><​code>​
-[INCLUDES] 
- 
 [Definition] [Definition]
  
Line 80: Line 85:
             cd /srv/tftp/             cd /srv/tftp/
             /​usr/​bin/​git add *             /​usr/​bin/​git add *
-            /​usr/​bin/​git status | grep '​modified\|deleted\|new file' | /​usr/​bin/​git commit -a -F -+            /​usr/​bin/​git ​--no-optional-locks ​status | grep '​modified\|deleted\|new file' | /​usr/​bin/​git commit -a -F -
 </​code>​ </​code>​
 ===== Интеграция fail2ban и snort ===== ===== Интеграция fail2ban и snort =====
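Review bot: in the changed `git status | grep ... | git commit -a -F -` line the commit message is still built from the human-readable `git status` output, which depends on locale and git version; `git status --porcelain` (with the grep pattern adjusted to its status codes) gives a stable format. The `cd /srv/tftp/` two lines above is also unchecked, so if it fails the `git add *` and the commit run in whatever directory the action started in; `cd /srv/tftp/ || exit 1` closes that gap.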
Line 93: Line 98:
 bantime ​    = 300 bantime ​    = 300
 filter ​     = snort_filter filter ​     = snort_filter
-maxretry ​   = 1+maxretry ​   = 3
 logpath ​    = /​var/​log/​auth.log logpath ​    = /​var/​log/​auth.log
 +#​action ​     = mail-admin
 #​action ​     = iptables-allports-forward #​action ​     = iptables-allports-forward
 #​action ​     = cisco-acl #​action ​     = cisco-acl
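Review bot: the `maxretry = 3` line relaxes the jail without a stated reason, and no `findtime` is visible here to bound the window in which the three matches must occur. An address matched by `snort_filter` is now banned only on its third logged hit and, with `bantime = 300`, for five minutes; a comment giving the rationale (for example, false positives at `maxretry = 1`) and an explicit `findtime` would make the intent clear.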
Line 100: Line 106:
 # cat /​etc/​fail2ban/​filter.d/​snort_filter.conf # cat /​etc/​fail2ban/​filter.d/​snort_filter.conf
 </​code><​code>​ </​code><​code>​
-[INCLUDES] 
- 
 [Definition] [Definition]
  
 failregex = .*snort.*Priority:​ 1.*} <​HOST>​.* failregex = .*snort.*Priority:​ 1.*} <​HOST>​.*
 #        .*snort.*Priority:​ 2.*} <​HOST>​.* #        .*snort.*Priority:​ 2.*} <​HOST>​.*
 +</​code>​
 +
 +==== Уведомление по email ====
 +<​code>​
 +# cat /​etc/​fail2ban/​action.d/​mail-admin.conf
 +</​code><​code>​
 +[Definition]
 +
 +actionban = printf %%b "Hi,\n
 +            Ban this <ip>
 +            Regards,\n
 +            Fail2Ban"​|mail -s "​[Fail2Ban] Ban <​name>​ <​ip>"​ <​dest>​
 +
 +actionunban = printf %%b "Hi,\n
 +            Unban this <ip>
 +            Regards,\n
 +            Fail2Ban"​|mail -s "​[Fail2Ban] Unban <​name>​ <​ip>"​ <​dest>​
 +
 +[Init]
 +
 +name = mail-admin
  
-ignoreregex ​=+dest student
 </​code>​ </​code>​
  
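Review bot: the last added line under `[Init]` reads `dest student` as rendered here, with no `=`; these files are INI-style, so it should be `dest = student` for `<dest>` in both `mail` commands to resolve. Replacing `ignoreregex =` in the same line mixes a filter change with the new action and would be clearer as a separate edit. The action also assumes a `mail` command is present, and no install step for one is visible in this diff.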
Line 133: Line 158:
  
 <​code>​ <​code>​
 +server# rsh router show access-lists
 +</​code><​code>​
 # cat /​root/​cisco-acl-deny.sh # cat /​root/​cisco-acl-deny.sh
 </​code><​code>​ </​code><​code>​
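Review bot: the added `server# rsh router show access-lists` check uses rsh, which sends the session in cleartext and authenticates by source address only. If the router supports it, show the same check over ssh, or state next to the command that rsh is meant for the lab network only.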
Line 152: Line 179:
  ​permit udp any any  ​permit udp any any
  ​permit tcp any any established  ​permit tcp any any established
- ​deny ​  ip any any log+ ​deny ​  ip any any log
 end end
 </​code><​code>​ </​code><​code>​
Line 177: Line 204:
  
 actionunban = /​root/​cisco-change-firewall.sh actionunban = /​root/​cisco-change-firewall.sh
 +# if atack from DNS)
 +#​actionunban = echo /​root/​cisco-change-firewall.sh | at now + 1 min
 </​code>​ </​code>​
  
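Review bot: the added comment `# if atack from DNS)` has a typo and a stray `)` and does not say why the unban should be deferred through `at now + 1 min`; spell out the case it covers. The alternative `actionunban` also depends on `at` being installed and its daemon running, which is worth stating beside it.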
сервис_fail2ban.txt · Last modified: 2023/12/20 07:18 by val