Fail2ban: diferència entre les revisions

De WikiMar
Salta a la navegació Salta a la cerca
Línia 19: Línia 19:
But if you will that yet, just copy /etc/fail2ban/filter.d/sshd.conf into /etc/fail2ban/filter.d/sshd.local and add following to the failregex:
But if you will that yet, just copy /etc/fail2ban/filter.d/sshd.conf into /etc/fail2ban/filter.d/sshd.local and add following to the failregex:


^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
<pre>
^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
            ^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
 
            ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
</pre>


https://github.com/fail2ban/fail2ban/issues/1284
https://github.com/fail2ban/fail2ban/issues/1284

Revisió del 22:40, 31 març 2016

Install Fail2ban on CentOS/Fedora

Instead of installing with yum install fail2ban, use: 

yum install fail2ban-server
systemctl enable fail2ban
systemctl restart fail2ban

The packet fail2ban also installs the Firewalld, which blocks by default all traffic after restarting the server.


Info: http://pkgs.org/centos-7/puias-unsupported-x86_64/fail2ban-server-0.9.2-1.sdl7.noarch.rpm.html

Enable mail

 yum install fail2ban-sendmail

Fail2ban when ssh in telnet port

This are no failures in sense of authentication (because login does not take place).

But if you will that yet, just copy /etc/fail2ban/filter.d/sshd.conf into /etc/fail2ban/filter.d/sshd.local and add following to the failregex: 

            ^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
            ^%(__prefix_line)sDid not receive identification string from <HOST>\s*$

https://github.com/fail2ban/fail2ban/issues/1284

Obtingut de «https://wiki.espai.de/index.php?title=Fail2ban&oldid=1499»