fail2ban

fail2ban

Standartinė minde » 2012-03-23 14:35:50

Tokia beda, negaliu nustatyti niekaip fail2ban.
Kodas: Pasirinkti visus
  1. 2012-03-23 13:26:00,310 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
  2. 2012-03-23 13:26:00,311 fail2ban.jail   : INFO   Creating new jail 'portscan'
  3. 2012-03-23 13:26:00,312 fail2ban.jail   : INFO   Jail 'portscan' uses Gamin
  4. 2012-03-23 13:26:01,517 fail2ban.comm   : WARNING Invalid command: ['add', 'portscan', 'auto']
  5. 2012-03-23 13:26:21,922 fail2ban.comm   : WARNING Invalid command: ['status', 'portscan']
  6.  

jail.conf:
Kodas: Pasirinkti visus
  1. [portscan]
  2.  
  3. enabled = true
  4. filter  = portscan
  5. protocol = all
  6. action   = iptables-allports
  7. logpath = /var/log/iptables.log
  8. maxretry = 1
  9. bantime = 40000

filter.d/portscan.conf:
Kodas: Pasirinkti visus
  1. # Fail2Ban configuration file
  2. #
  3. # Author: Mindaugas <mindeunix@gmail.com>
  4. #
  5.  
  6. [Definition]
  7.  
  8. # Option:  failregex
  9. # Notes.:  regex to match vrmr: DROP IN=eth0 SRC= as notified by iptables
  10. # Values:  TEXT
  11. #
  12. failregex = .*vrmr: DROP .*IN=eth0 .* SRC=<HOST> *.
  13.  
  14. # Option:  ignoreregex
  15. # Notes.:  regex to ignore. If this regex matches, the line is ignored.
  16. # Values:  TEXT
  17. #
  18. ignoreregex =
  19.  

regex tik pabandyti ar veikia, ir jis tikrai veikia:
Kodas: Pasirinkti visus
  1.  
  2. Running tests
  3. =============
  4.  
  5. Use regex file : /home/minde/etc/fail2ban/filter.d/portscan.conf
  6. Use log file   : /var/log/iptables.log
  7.  
  8.  
  9. Results
  10. =======
  11.  
  12. Failregex
  13. |- Regular expressions:
  14. |  [1] .*vrmr: DROP .*IN=eth0 .* SRC=<HOST> *. DST=86.100.226.46 *.
  15. |
  16. `- Number of matches:
  17.    [1] 7 match(es)
  18.  
  19. Ignoreregex
  20. |- Regular expressions:
  21. |
  22. `- Number of matches:
  23.  
  24. Summary
  25. =======
  26.  
  27. Addresses found:
  28. [1]
  29.     211.142.173.1 (Fri Mar 23 03:05:43 2012)
  30.     46.165.197.1 (Fri Mar 23 12:22:17 2012)
  31.     109.200.9.14 (Fri Mar 23 13:02:42 2012)
  32.     95.9.59.8 (Fri Mar 23 13:07:43 2012)
  33.     24.129.164.17 (Fri Mar 23 13:21:06 2012)
  34.     4.69.140.19 (Fri Mar 23 13:22:11 2012)
  35.     81.4.135.6 (Fri Mar 23 13:24:35 2012)
  36.  
  37. Date template hits:
  38. 0 hit(s): MONTH Day Hour:Minute:Second
  39. 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
  40. 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
  41. 0 hit(s): Year/Month/Day Hour:Minute:Second
  42. 0 hit(s): Day/Month/Year Hour:Minute:Second
  43. 0 hit(s): Day/Month/Year Hour:Minute:Second
  44. 0 hit(s): Day/MONTH/Year:Hour:Minute:Second
  45. 0 hit(s): Month/Day/Year:Hour:Minute:Second
  46. 0 hit(s): Year-Month-Day Hour:Minute:Second
  47. 0 hit(s): Year.Month.Day Hour:Minute:Second
  48. 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
  49. 0 hit(s): Day-Month-Year Hour:Minute:Second
  50. 0 hit(s): TAI64N
  51. 0 hit(s): Epoch
  52. 44 hit(s): ISO 8601
  53. 0 hit(s): Hour:Minute:Second
  54. 0 hit(s): <Month/Day/Year@Hour:Minute:Second>
  55.  
  56. Success, the total number of match is 7
  57.  

Bet kodel neblokuoja ? Kur klaida padariau ?
USE="freedom -software_patents" emerge --deep --update world
Vartotojo avataras
minde
Apšilinėjantis
 
Pranešimai: 9
Užsiregistravo: 2012-03-01 17:05:03
Miestas: Kėdainiai

Re: fail2ban

Standartinė minde » 2012-03-24 00:09:48

Sutvarkiau. Fail2ban pakeiciau backend i polling (fail2ban bug'as).
USE="freedom -software_patents" emerge --deep --update world
Vartotojo avataras
minde
Apšilinėjantis
 
Pranešimai: 9
Užsiregistravo: 2012-03-01 17:05:03
Miestas: Kėdainiai

Re: fail2ban

Standartinė MKas » 2012-03-24 08:14:20

O kurią fail2ban versiją naudoji?
Vartotojo avataras
MKas
Site Admin
 
Pranešimai: 109
Užsiregistravo: 2010-08-09 13:49:06
Miestas: Lithuania, Vilnius

Re: fail2ban

Standartinė minde » 2012-03-24 10:38:14

Fail2Ban v0.8.6, ir "auto" neveikia. pakeitus backend i polling viskas gerai, bet ant auto naudoja gamin kurio as neturiu :)
USE="freedom -software_patents" emerge --deep --update world
Vartotojo avataras
minde
Apšilinėjantis
 
Pranešimai: 9
Užsiregistravo: 2012-03-01 17:05:03
Miestas: Kėdainiai


Grįžti į Serverių administravimo

Dabar prisijungę

Vartotojai naršantys šį forumą: Registruotų vartotojų nėra ir 0 svečių

cron

x