Fail2ban

From Q
Revision as of 00:21, 30 January 2014 by Tgurr (talk | contribs)
Jump to navigation Jump to search

Installing

# emerge fail2ban
# /etc/init.d/iptables save
# rc-update add iptables default
# rc-update add fail2ban default
Linux Kernel Configuration: Kernel .config 
Networking
 Networking options --->
 [*] Network packet filtering (replaces ipchains)  --->
  Core Netfilter Configuration  --->
   <*> Netfilter Xtables support (required for ip_tables)
  IP: Netfilter Configuration  --->
   <*> IP tables support (required for filtering/masq/NAT)

  optional noch:
  IPv6: Netfilter Configuration (EXPERIMENTAL)  --->
   <*> IP6 tables support (required for filtering/masq/NAT)
File: /etc/ssh/sshd_config
SyslogFacility AUTH
LogLevel INFO
File: /etc/syslog-ng/syslog-ng.conf
destination authlog { file("/var/log/auth.log"); };
filter f_authpriv { facility(auth, authpriv); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };

log { source(src); filter(f_authpriv); destination(authlog); };
# touch /var/log/auth.log
# chmod 600 /var/log/auth.log
# /etc/init.d/syslog-ng restart
File: /etc/fail2ban.conf
maxfailures = 3

[MAIL]
enabled = true
host = mailrelay/localhost
to = logs@domain.de

[SSH]
enabled = true
logfile = /var/log/auth.log


fail2ban installieren

# emerge fail2ban
# /etc/init.d/iptables save
# rc-update add iptables default
# rc-update add fail2ban default
Linux Kernel Configuration: Kernel .config 
Networking
 Networking options --->
 [*] Network packet filtering (replaces ipchains)  --->
  Core Netfilter Configuration  --->
   <*> Netfilter Xtables support (required for ip_tables)
  IP: Netfilter Configuration  --->
   <*> IP tables support (required for filtering/masq/NAT)

  optional noch:
  IPv6: Netfilter Configuration (EXPERIMENTAL)  --->
   <*> IP6 tables support (required for filtering/masq/NAT)
File: /etc/ssh/sshd_config
SyslogFacility AUTH
LogLevel INFO
File: /etc/syslog-ng/syslog-ng.conf
destination authlog { file("/var/log/sshd.log"); };
filter f_authpriv { facility(auth, authpriv); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };

log { source(src); filter(f_authpriv); destination(authlog); };
# touch /var/log/sshd.log
# chmod 600 /var/log/sshd.log
# /etc/init.d/syslog-ng restart
File: /etc/fail2ban/jail.conf
[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=yourmail@mail.com]
logpath  = /var/log/sshd.log
maxretry = 3
bantime  = 600
# /etc/init.d/fail2ban start

Categorie:Software bantime  = 86400

Retrieved from "https://q-old.deltaquadrant.org/index.php?title=Fail2ban&oldid=3835"