Fail2ban: diferència entre les revisions

De WikiMar
Salta a la navegació Salta a la cerca
Línia 20: Línia 20:


Also add the ,23 besides the ssh port for the ssh. See section below.
Also add the ,23 besides the ssh port for the ssh. See section below.
If you have reverse tunnels to other server also add:
ignoreip =
So that 127.0.0.1 is also blocked (reverse connections arrive from 127.0.0.1)




Revisió del 14:54, 1 abr 2016

Commands

To see the list of jails active: 

fail2ban-client status

To see the status of a jail and if it banned any IP: 

fail2ban-client status sshd


Install common

After installing fail2ban configure: 

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local

Add: "'enable=true'" under each of the services installed. SSH, Apache, Nginx, Vsftp, etc. Specially interesting is to enable the 'pam-generic', and in fedora/centos you need to change: 

logpath  = /var/log/secure

instead of 

logpath  = /var/log/auth.log

Also add the ,23 besides the ssh port for the ssh. See section below.

If you have reverse tunnels to other server also add: 

ignoreip =

So that 127.0.0.1 is also blocked (reverse connections arrive from 127.0.0.1)


Restart the service, 

systemctl start fail2ban

if it does not restart see the reason: 

fail2ban-client -v -v start

Install Fail2ban on Ubuntu

apt-get install fail2ban
sudo service fail2ban restart
sudo update-rc.d fail2ban enable


Install Fail2ban on CentOS/Fedora

Instead of installing with yum install fail2ban, use: 

yum install fail2ban-server fail2ban-systemd
systemctl enable fail2ban
systemctl restart fail2ban

The packet fail2ban also installs the Firewalld, which blocks by default all traffic after restarting the server.


Info: http://pkgs.org/centos-7/puias-unsupported-x86_64/fail2ban-server-0.9.2-1.sdl7.noarch.rpm.html

Enable mail

 yum install fail2ban-sendmail

Fail2ban when ssh in telnet port

This are no failures in sense of authentication (because login does not take place).

But if you will that yet, just copy /etc/fail2ban/filter.d/sshd.conf into /etc/fail2ban/filter.d/sshd.local and add following to the failregex: 

            ^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
            ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$


Add the ,23 besides the ssh port in the /etc/fail2ban/jail.local 

[sshd]
port    = ssh,23


https://github.com/fail2ban/fail2ban/issues/1284

Obtingut de «https://wiki.espai.de/index.php?title=Fail2ban&oldid=1510»