Fail2ban: Difference between revisions

Tgurr (talk | contribs)
No edit summary
Tgurr (talk | contribs)
mNo edit summary
Line 1: Line 1:
=== fail2ban installieren ===
=== Installing ===
{{Box Code|Zu installierende Pakete|
<pre>
[ebuild  N    ] net-firewall/iptables-1.3.7  USE="ipv6 -extensions -imq -l7filter -static" 192 kB
[ebuild  N    ] net-analyzer/fail2ban-0.7.8  54 kB
</pre>
}}


{{Codeline|# emerge fail2ban}}
{{Root|emerge fail2ban}}


{{Codeline|# /etc/init.d/iptables save}}
{{Root|/etc/init.d/iptables save}}


{{Codeline|# rc-update add iptables default}}
{{Root|rc-update add iptables default}}


{{Codeline|# rc-update add fail2ban default}}
{{Root|rc-update add fail2ban default}}


{{Kernel|Kernel .config|
{{Kernel|Kernel .config|
Line 31: Line 25:
}}
}}


 
{{File|/etc/ssh/sshd_config|
{{Box File|/etc/ssh/sshd_config|
<pre>
<pre>
SyslogFacility AUTH
SyslogFacility AUTH
Line 39: Line 32:
}}
}}


 
{{File|/etc/syslog-ng/syslog-ng.conf|
{{Box File|/etc/syslog-ng/syslog-ng.conf|
<pre>
<pre>
destination authlog { file("/var/log/auth.log"); };
destination authlog { file("/var/log/auth.log"); };
Line 51: Line 43:
}}
}}


{{Codeline|# touch /var/log/auth.log}}
{{Root|touch /var/log/auth.log}}


{{Codeline|# chmod 600 /var/log/auth.log}}
{{Root|chmod 600 /var/log/auth.log}}


{{Codeline|# /etc/init.d/syslog-ng restart}}
{{Root|/etc/init.d/syslog-ng restart}}


{{Box File|/etc/fail2ban.conf|
{{File|/etc/fail2ban.conf|
<pre>
<pre>
maxfailures = 3
maxfailures = 3
Line 76: Line 68:


=== fail2ban installieren ===
=== fail2ban installieren ===
{{Box Code|Zu installierende Pakete|
<pre>
[ebuild  N    ] net-firewall/iptables-1.3.6-r1  USE="ipv6 -extensions -imq -l7filter -static" 181 kB
[ebuild  N    ] net-analyzer/fail2ban-0.7.2  28 kB
</pre>
}}


{{Codeline|# emerge fail2ban}}
{{Root|emerge fail2ban}}


{{Codeline|# /etc/init.d/iptables save}}
{{Root|/etc/init.d/iptables save}}


{{Codeline|# rc-update add iptables default}}
{{Root|rc-update add iptables default}}


{{Codeline|# rc-update add fail2ban default}}
{{Root|rc-update add fail2ban default}}


{{Box Code|Kernel .config|
{{Kernel|Kernel .config|
<pre>
<pre>
Networking
Networking
Line 107: Line 93:
}}
}}


 
{{File|/etc/ssh/sshd_config|
{{Box File|/etc/ssh/sshd_config|
<pre>
<pre>
SyslogFacility AUTH
SyslogFacility AUTH
Line 115: Line 100:
}}
}}


 
{{File|/etc/syslog-ng/syslog-ng.conf|
{{Box File|/etc/syslog-ng/syslog-ng.conf|
<pre>
<pre>
destination authlog { file("/var/log/sshd.log"); };
destination authlog { file("/var/log/sshd.log"); };
Line 127: Line 111:
}}
}}


{{Codeline|# touch /var/log/sshd.log}}
{{Root|touch /var/log/sshd.log}}
 
{{Codeline|# chmod 600 /var/log/sshd.log}}


{{Codeline|# /etc/init.d/syslog-ng restart}}
{{Root|chmod 600 /var/log/sshd.log}}


{{Root|/etc/init.d/syslog-ng restart}}


{{Box File|/etc/fail2ban/jail.conf|
{{File|/etc/fail2ban/jail.conf|
<pre>
<pre>
[ssh-iptables]
[ssh-iptables]
Line 149: Line 132:
}}
}}


{{Codeline|# /etc/init.d/fail2ban start}}
{{Root|/etc/init.d/fail2ban start}}


[[Kategorie:Programme]]
[[Kategorie:Programme]]

Revision as of 17:53, 13 January 2011

Installing

# emerge fail2ban
# /etc/init.d/iptables save
# rc-update add iptables default
# rc-update add fail2ban default
Linux Kernel Configuration: Kernel .config
Networking
 Networking options --->
 [*] Network packet filtering (replaces ipchains)  --->
  Core Netfilter Configuration  --->
   <*> Netfilter Xtables support (required for ip_tables)
  IP: Netfilter Configuration  --->
   <*> IP tables support (required for filtering/masq/NAT)

  optional noch:
  IPv6: Netfilter Configuration (EXPERIMENTAL)  --->
   <*> IP6 tables support (required for filtering/masq/NAT)
File: /etc/ssh/sshd_config
# Send sshd messages to the AUTH syslog facility; the syslog-ng filter
# f_authpriv on this page selects facility(auth, authpriv).
SyslogFacility AUTH
# NOTE(review): fail2ban can only count failures that sshd actually logs --
# confirm that failed logins show up in the log file at this level.
LogLevel INFO
File: /etc/syslog-ng/syslog-ng.conf
# File that receives the authentication messages; fail2ban's logfile setting
# has to point at this same path.
# NOTE(review): file() accepts perm()/owner()/group() options; setting
# perm(0600) here would keep the mode whenever syslog-ng recreates the file
# (e.g. after rotation) instead of relying on the one-off chmod that follows
# on this page -- confirm against your syslog-ng version.
destination authlog { file("/var/log/auth.log"); };
# Matches messages from the auth and authpriv facilities.
filter f_authpriv { facility(auth, authpriv); };
# f_failed and f_denied are defined but not referenced by the log statement
# below, so they do not narrow what reaches the file.
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };

# Everything from source "src" that passes f_authpriv is written to authlog.
log { source(src); filter(f_authpriv); destination(authlog); };
# touch /var/log/auth.log
# chmod 600 /var/log/auth.log
# /etc/init.d/syslog-ng restart
File: /etc/fail2ban.conf
# NOTE(review): this is a single-file layout; the second section of this page
# configures /etc/fail2ban/jail.conf instead -- check which file the installed
# fail2ban version actually reads.
# Presumably the number of failed attempts tolerated before a ban; verify
# against the documentation of the installed version.
maxfailures = 3

[MAIL]
enabled = true
# Looks like a placeholder ("mail relay or localhost") -- replace it with one
# concrete host name.
host = mailrelay/localhost
# Placeholder recipient; notifications disclose banned addresses and host
# details, so send them to a mailbox you control.
to = logs@domain.de

[SSH]
enabled = true
# Has to be the file the syslog-ng destination "authlog" writes to; if the
# paths differ, no failures are seen and nothing is ever banned.
logfile = /var/log/auth.log


fail2ban installieren

# emerge fail2ban
# /etc/init.d/iptables save
# rc-update add iptables default
# rc-update add fail2ban default
Linux Kernel Configuration: Kernel .config
Networking
 Networking options --->
 [*] Network packet filtering (replaces ipchains)  --->
  Core Netfilter Configuration  --->
   <*> Netfilter Xtables support (required for ip_tables)
  IP: Netfilter Configuration  --->
   <*> IP tables support (required for filtering/masq/NAT)

  optional noch:
  IPv6: Netfilter Configuration (EXPERIMENTAL)  --->
   <*> IP6 tables support (required for filtering/masq/NAT)
File: /etc/ssh/sshd_config
# sshd logs to the AUTH facility, which the syslog-ng filter f_authpriv on
# this page routes to the file fail2ban reads.
SyslogFacility AUTH
# NOTE(review): confirm failed logins are recorded at this level; fail2ban
# only reacts to what reaches the log.
LogLevel INFO
File: /etc/syslog-ng/syslog-ng.conf
# Log file that the [ssh-iptables] jail's logpath has to match.
# Despite the name sshd.log, the log statement below sends every auth/authpriv
# message here, not only those from sshd.
# NOTE(review): consider perm(0600) inside file() so the mode does not depend
# on the manual chmod that follows on this page -- confirm against your
# syslog-ng version.
destination authlog { file("/var/log/sshd.log"); };
# Matches messages from the auth and authpriv facilities.
filter f_authpriv { facility(auth, authpriv); };
# Defined but unused: the log statement below references only f_authpriv.
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };

# Everything from source "src" that passes f_authpriv is written to authlog.
log { source(src); filter(f_authpriv); destination(authlog); };
# touch /var/log/sshd.log
# chmod 600 /var/log/sshd.log
# /etc/init.d/syslog-ng restart
File: /etc/fail2ban/jail.conf
[ssh-iptables]

enabled  = true
# Name of the failure-matching filter applied to the lines in logpath.
filter   = sshd
# NOTE(review): no ignoreip is set in this excerpt; consider listing your own
# management address(es) so a few mistyped passwords cannot lock you out.
# NOTE(review): port=ssh covers the standard service port only -- adjust it if
# sshd listens elsewhere. The ban goes through iptables; confirm whether the
# installed fail2ban also handles IPv6 sources if sshd is reachable over IPv6.
# dest= is a placeholder recipient for the ban notification mails.
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=yourmail@mail.com]
# Has to be the file the syslog-ng destination "authlog" writes to; if the
# paths differ, no failures are seen and nothing is ever banned.
logpath  = /var/log/sshd.log
# Failures counted before a ban, and the ban duration in seconds (600 s = 10 min).
maxretry = 3
bantime  = 600

# /etc/init.d/fail2ban start

Kategorie:Programme