Fail2ban: Difference between revisions

From wiki.frank-wulf.de

Revision as of 2 October 2017, 17:56

Fail2Ban Installation from GitHub (EN)

In case an existing Fail2Ban server is running:

sudo service fail2ban stop

Download version 0.10 from GitHub:

wget https://github.com/fail2ban/fail2ban/archive/0.10.0.tar.gz -O fail2ban-0.10.0.tar.gz

Unpack and install:
sudo tar -zxpvf fail2ban-0.10.0.tar.gz
cd fail2ban-0.10.0
sudo python setup.py install

This installs Fail2Ban into the Python library directory. The executable scripts are placed in /usr/local/bin and the configuration under /etc/fail2ban.


Enable fail2ban as an automatic service:

sudo cp files/debian-initd /etc/init.d/fail2ban
sudo update-rc.d fail2ban defaults
sudo service fail2ban start

Using IP sets instead of iptables chains

By default Fail2Ban uses iptables chains to block IP addresses.

Example:

root@fwserv1:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m set --match-set fail2ban-ssh src -j DROP
-A FORWARD -m set --match-set fail2ban-ssh src -j DROP
-A f2b-sshd -s 120.52.56.124/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 116.193.161.242/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 14.215.237.205/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 118.244.238.18/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 155.133.82.12/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 49.4.6.132/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 118.244.206.22/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 61.132.29.162/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 192.160.102.169/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 162.247.72.213/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 149.56.223.241/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 27.255.79.82/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 211.104.171.220/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 187.252.208.82/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 116.6.49.126/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
root@fwserv1:~#_

Since Linux kernel 2.6 there has been an option to use so-called IP sets, which hold a large number of IP addresses in memory.
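The move from per-address chain rules to a set, as an added example that is not from the wiki page: a shell function that reads `iptables -S` output and prints the ipset equivalent of one Fail2Ban chain. The set name, the timeout default and the shortened sample rules are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the wiki page: convert the per-address REJECT rules
# of a Fail2Ban iptables chain into the equivalent ipset setup.  It only prints
# the commands it would run (review them, then run them as root yourself).
# Set name and timeout are this script's assumptions; Fail2Ban's bundled
# ipset action uses its own set name (f2b-<jail>) and the jail's bantime.

f2b_chain_to_ipset() {
    chain="$1"            # Fail2Ban chain, e.g. f2b-sshd
    setname="$2"          # ipset to create and fill
    timeout="${3:-600}"   # per-entry timeout in seconds (assumed default)
    awk -v chain="$chain" -v sname="$setname" -v tmo="$timeout" '
        # single-address ban rule: -A <chain> -s <ip>/32 -j REJECT ...
        $1 == "-A" && $2 == chain && $3 == "-s" && $5 == "-j" && $6 == "REJECT" {
            ip = $4; sub("/32$", "", ip); ips[n++] = ip; next
        }
        # a match-set rule already referencing this set means none is needed
        $1 == "-A" && /-m set --match-set/ {
            for (i = 1; i <= NF; i++) if ($i == sname) have_rule = 1
        }
        END {
            if (n == 0) { print "no REJECT rules in chain " chain | "cat 1>&2"; exit 1 }
            print "ipset create " sname " hash:ip timeout " tmo " -exist"
            if (!have_rule)
                print "iptables -I INPUT -m set --match-set " sname " src -j REJECT --reject-with icmp-port-unreachable"
            for (i = 0; i < n; i++) print "ipset add " sname " " ips[i] " timeout " tmo " -exist"
            print "# afterwards the " n " single-address rules can go: iptables -F " chain
        }'
}

# Constructed sample in the shape of the iptables -S output above (shortened).
SAMPLE_RULES='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m set --match-set fail2ban-ssh src -j DROP
-A f2b-sshd -s 120.52.56.124/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 116.6.49.126/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'

# On a live host: iptables -S | f2b_chain_to_ipset f2b-sshd f2b-sshd-set 3600
printf '%s\n' "$SAMPLE_RULES" | f2b_chain_to_ipset f2b-sshd f2b-sshd-set 3600
```

The function emits no new `iptables` rule when a `--match-set` rule for the chosen set is already present, as with `fail2ban-ssh` in the output above; new bans are still written by Fail2Ban's own action, so this only migrates what is currently in the chain.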