Differences
This shows you the differences between two versions of the page.
howto:fail2ban [2017/09/19 11:49] – WIP (using fail2ban) ragnarok | howto:fail2ban [2018/01/14 13:15] – [See Also] digital man | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Use Fail2Ban on GNU/Linux to block botnet' | ====== Use Fail2Ban on GNU/Linux to block botnet' | ||
- | Synchronet now have a built-it support to block incomming connections (see [[howto: | + | Synchronet now have a built-in support to block incomming connections (see [[howto: |
- | You must config an setup the sbbs log file that are explained here: [[config:nix|UNIX]] | + | If you running another services/ |
- | These examples where made on Debian GNU/Linux, but you can adjust and apply for another distribution like Ubuntu, Arch, Fedora, etc. | + | You must config and setup the sbbs log file that are explained here: [[config: |
+ | |||
+ | // | ||
+ | // | ||
First step, install fail2ban package: | First step, install fail2ban package: | ||
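Review bot: The rewritten intro lines on the added side still carry wording errors that could be fixed while they are being touched: "now have a built-in support to block incomming connections" should read "now has built-in support to block incoming connections", the new sentence "If you running another services/" has no verb ("If you are running other services"), and "You must config and setup the sbbs log file that are explained here" would read better as "You must configure and set up the sbbs log file as explained here".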
Line 12: | Line 15: | ||
apt-get install fail2ban | apt-get install fail2ban | ||
</ | </ | ||
+ | |||
+ | Create the file / | ||
+ | < | ||
+ | [sbbs-main] | ||
+ | enabled | ||
+ | filter | ||
+ | action | ||
+ | logpath | ||
+ | maxretry = 3 | ||
+ | findtime = 21600 | ||
+ | bantime = 21600 | ||
+ | </ | ||
+ | |||
+ | Create the filter file / | ||
+ | < | ||
+ | [INCLUDES] | ||
+ | before = common.conf | ||
+ | |||
+ | [Definition] | ||
+ | failregex = Bad password from: < | ||
+ | Throttling suspicious connection from: < | ||
+ | ignoreregex = | ||
+ | </ | ||
+ | |||
+ | Reload or restart the service and verify if you jail is loaded: | ||
+ | < | ||
+ | # fail2ban-client status | ||
+ | Status | ||
+ | |- Number of jail: 7 | ||
+ | `- Jail list: ssh, asterisk-udp, | ||
+ | |||
+ | </ | ||
+ | |||
+ | After some time, you can observe via iptables that severals ip address was blocked | ||
+ | |||
+ | < | ||
+ | # iptables -L -n | ||
+ | |||
+ | Chain fail2ban-SBBS-main (1 references) | ||
+ | target | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | REJECT | ||
+ | RETURN | ||
+ | |||
+ | </ | ||
+ | |||
+ | **ToDo:** | ||
+ | |||
+ | * Add regexp for spam.log and hack.log | ||
+ | |||
===== See Also ===== | ===== See Also ===== | ||
* [[: | * [[: | ||
- | {{tag>}} | + | {{tag>linux}} |
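Review bot: The step "Reload or restart the service and verify if you jail is loaded" gives no command for the reload and nothing checks the new failregex before the jail goes live; suggest naming the command (for example fail2ban-client reload) and adding a dry run of the filter against the sbbs log with fail2ban-regex, so a pattern that never matches "Bad password from:" or "Throttling suspicious connection from:" is caught before anyone relies on the jail. The iptables output shows the chain as fail2ban-SBBS-main while the jail section is [sbbs-main]; a sentence saying that the chain name comes from the name given in the action line would help readers find the right chain. It would also help to state findtime = 21600 and bantime = 21600 in hours (6 hours) next to the jail, and to fix "verify if you jail" and "severals ip address was blocked" in the same pass.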