Differences

This shows you the differences between two versions of the page.

--- сервис_fail2ban [2020/11/18 20:17]
val [Блокировка через cisco acl]
+++ сервис_fail2ban [2024/05/09 11:01]
val [Установка]
@@ Line 6: / Line 6: @@
   * [[https://help.ubuntu.com/community/Fail2ban|Fail2ban]]
+  * [[https://bugs.launchpad.net/ubuntu/+source/fail2ban/+bug/2055114|fail2ban is broken in 24.04 Noble]]
 <code>
+debian11# apt install iptables
+debian12# apt install iptables rsyslog
 # apt install fail2ban
+ubuntu24# wget https://launchpad.net/ubuntu/+source/fail2ban/1.1.0-1/+build/28291332/+files/fail2ban_1.1.0-1_all.deb
+ubuntu24# dpkg -i fail2ban_1.1.0-1_all.deb
 </code>
@@ Line 28: / Line 35: @@
 [sshd]
 maxretry = 6
+#ignoreip = 192.168.X.0/24 192.168.100+X.0/24
 [asterisk]
 enabled = true
 maxretry = 3
+#bantime = 30d
+#action = iptables-allports[blocktype=DROP]
+#action = route[blocktype=blackhole]
 </code>
@@ Line 54: / Line 65: @@
 ===== Интеграция fail2ban и cisco log =====
+  * Резервное копирование конфигурации
 <code>
 # cat /etc/fail2ban/jail.d/cisco-change-config.conf
@@ Line 78: / Line 92: @@
             cd /srv/tftp/
             /usr/bin/git add *
-            /usr/bin/git status | grep 'modified\|deleted\|new file' | /usr/bin/git commit -a -F -
+            /usr/bin/git --no-optional-locks status | grep 'modified\|deleted\|new file' | /usr/bin/git commit -a -F -
 </code>
 ===== Интеграция fail2ban и snort =====
@@ Line 91: / Line 105: @@
 bantime     = 300
 filter      = snort_filter
-maxretry    = 1
+maxretry    = 3
 logpath     = /var/log/auth.log
+#action      = mail-admin
 #action      = iptables-allports-forward
 #action      = cisco-acl
@@ Line 102: / Line 117: @@
 failregex = .*snort.*Priority: 1.*} <HOST>.*
 #        .*snort.*Priority: 2.*} <HOST>.*
+</code>
+==== Уведомление по email ====
+<code>
+# cat /etc/fail2ban/action.d/mail-admin.conf
+</code><code>
+[Definition]
+actionban = printf %%b "Hi,\n
+            Ban this <ip>
+            Regards,\n
+            Fail2Ban"|mail -s "[Fail2Ban] Ban <name> <ip>" <dest>
+actionunban = printf %%b "Hi,\n
+            Unban this <ip>
+            Regards,\n
+            Fail2Ban"|mail -s "[Fail2Ban] Unban <name> <ip>" <dest>
+[Init]
+name = mail-admin
+dest = student
 </code>
@@ Line 127: / Line 165: @@
 <code>
+server# rsh router show access-lists
+</code><code>
 # cat /root/cisco-acl-deny.sh
 </code><code>
@@ Line 146: / Line 186: @@
  permit udp any any
  permit tcp any any established
- deny   ip any any log
+ deny   ip any any ! log
 end
 </code><code>
@@ Line 170: / Line 210: @@
 actionban = /root/cisco-change-firewall.sh
-# f2b bug
+actionunban = /root/cisco-change-firewall.sh
-actionunban = echo /root/cisco-change-firewall.sh | at now + 1 min
+# if atack from DNS)
+#actionunban = echo /root/cisco-change-firewall.sh | at now + 1 min
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools