This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_fail2ban [2021/11/17 16:17] val [Установка] |
сервис_fail2ban [2022/12/05 07:17] val [Настройка] |
||
---|---|---|---|
Line 34: | Line 34: | ||
enabled = true | enabled = true | ||
maxretry = 3 | maxretry = 3 | ||
+ | #bantime = 30d | ||
+ | #action = iptables-allports[blocktype=DROP] | ||
+ | #action = route | ||
</code> | </code> | ||
Line 56: | Line 59: | ||
===== Интеграция fail2ban и cisco log ===== | ===== Интеграция fail2ban и cisco log ===== | ||
+ | |||
+ | * Резервное копирование конфигурации | ||
+ | |||
<code> | <code> | ||
# cat /etc/fail2ban/jail.d/cisco-change-config.conf | # cat /etc/fail2ban/jail.d/cisco-change-config.conf | ||
Line 93: | Line 99: | ||
bantime = 300 | bantime = 300 | ||
filter = snort_filter | filter = snort_filter | ||
- | maxretry = 1 | + | maxretry = 3 |
logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
#action = mail-admin | #action = mail-admin | ||
Line 153: | Line 159: | ||
<code> | <code> | ||
+ | server# rsh router show access-lists | ||
+ | </code><code> | ||
# cat /root/cisco-acl-deny.sh | # cat /root/cisco-acl-deny.sh | ||
</code><code> | </code><code> | ||
Line 172: | Line 180: | ||
permit udp any any | permit udp any any | ||
permit tcp any any established | permit tcp any any established | ||
- | deny ip any any # log | + | deny ip any any ! log |
end | end | ||
</code><code> | </code><code> |