Hello everyone,
So, the server is running nicely. Now I wanted to make Fail2ban a bit more talkative and have it send me mails etc.... Only somehow the darn thing won't do what I want... Or does anyone know a good alternative?
Does anyone have experience with sslh?
Does anyone have a good guide for CentOS and Fail2ban? I'm at my wits' end. Or does anyone have a good configuration? Maybe even a few jails right away for uninvited guests like dfind?!
Standard configuration:
Code:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 747 $
#
# The DEFAULT section allows a global definition of the options. They can be
# overridden in each jail afterwards.
[DEFAULT]
destemail = empfänger@googlemail.com
banaction = iptables-multiport
mta = sendmail
ignoreip = 127.0.0.1 10.10.30.0/24 10.10.20.0/24 10.10.10.0/24 10.10.0.0/24
bantime = 86400
findtime = 600
maxretry = 2
backend = auto
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath = /var/log/secure
maxretry = 2
[proftpd-iptables]
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=you@example.com]
logpath = /var/log/mail.log
[ssh-tcpwrapper]
enabled = true
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
logpath = /var/log/secure
[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*error.log
          /var/www/kbc*/logs/*error*
          /var/www/vpa*/logs/*error*
maxretry = 2
[postfix-tcpwrapper]
enabled = false
filter = postfix
action = hostsdeny[file=/not/a/standard/path/hosts.deny]
         sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/postfix.log
bantime = 300
[vsftpd-notification]
enabled = false
filter = vsftpd
action = sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
[vsftpd-iptables]
enabled = false
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=VSFTPD, dest=you@example.com]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
         sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
logpath = /var/www/*/logs/access_log
          /var/log/apache*/*access*
          /var/www/kbc*/logs/*access*
          /var/www/vpa*/logs/*access*
bantime = 172800
maxretry = 1
[apache-shorewall]
enabled = true
filter = apache-noscript
action = shorewall
         sendmail[name=Postfix, dest=you@example.com]
logpath = /var/log/httpd/error_log
[php-url-fopen]
enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
maxretry = 1
[ssh-ipfw]
enabled = false
filter = sshd
action = ipfw[localhost=192.168.0.1]
         sendmail-whois[name="SSH,IPFW", dest=you@example.com]
logpath = /var/log/auth.log
ignoreip = 168.192.0.1
The configuration I want to use:
Code:
[DEFAULT]
destemail = empfänger@googlemail.com
banaction = iptables-multiport
mta = sendmail
ignoreip = 127.0.0.1 10.10.30.0/24 10.10.20.0/24 10.10.10.0/24 10.10.0.0/24
bantime = 99999999
findtime = 600
maxretry = 2
backend = polling
############SSH##########
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/secure
maxretry = 2
[ssh-tcpwrapper]
enabled = true
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
ignoreregex = for myuser from
logpath = /var/log/secure
###########APACHE####
[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*error.log
          /var/www/kbc*/logs/*error*
          /var/www/vpa*/logs/*error*
maxretry = 2
[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
         sendmail-buffered[name=BadBots, lines=5, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/www/*/logs/access_log
          /var/log/apache*/*access*
          /var/www/kbc*/logs/*access*
          /var/www/vpa*/logs/*access*
bantime = 999999
maxretry = 1
[apache-shorewall]
enabled = true
filter = apache-noscript
action = shorewall
         sendmail[name=Postfix, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/www/*/logs/error*
          /var/log/apache*/*error*
          /var/www/kbc*/logs/*error*
          /var/www/vpa*/logs/*error*
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
          /var/log/apache*/*access*
          /var/www/kbc*/logs/*access*
          /var/www/vpa*/logs/*access*
maxretry = 1
[postfix]
enabled = false
filter = postfix
action = iptables[name=Postfix, port=smtp, protocol=tcp]
         sendmail-whois[name=Postfix, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/maillog
maxretry = 2
[proftpd-iptables]
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/secure
maxretry = 3
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/mail.log
Code:
# Fail2Ban filter.d/postfix.local configuration file
################################################
# www.sonoracomm.com
#
# <HOST> is Fail2ban's placeholder for the offending address; a failregex
# without it never matches anything.
[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 550
            reject: RCPT from (.*)\[<HOST>\]: 450
ignoreregex =
Code:
# Fail2Ban action.d/sendmail-whois.local configuration file
################################################
# www.sonoracomm.com
#
# <name>, <sender>, <dest>, <ip> and <failures> are Fail2ban's action
# placeholders and are filled in at run time from the jail and the [Init]
# section below.
[Definition]
actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              From: Fail2Ban <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
             From: Fail2Ban <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actioncheck =
actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
            From: Fail2Ban <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip>:\n
            `/usr/bin/dig -x <ip>`\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionunban =
[Init]
name = default
dest = empfänger@gmail.com
sender = fail2ban
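Added example, not part of the original post and not Fail2ban's own code: a small Python model of what a filter plus jail does, so the failregex lines and the maxretry/findtime window from the configuration above can be checked offline before touching the real box. It expands Fail2ban's <HOST> placeholder the way fail2ban-regex does, runs the sshd, postfix and a custom DFind filter over constructed log lines, and applies the two-failures-in-600-seconds window from the post's [DEFAULT]. Everything else in it is an assumption for the demo: the log lines, IPs and timestamps are made up (timestamps are passed as epoch seconds instead of being parsed out of each line), the sshd pattern is a simplified version of the stock filter, and the apache-dfind filter is my own regex for the well-known "w00tw00t.at.ISC.SANS.DFind:)" probe that the DFind scanner sends.

```python
"""Added example, not from the original post and not Fail2ban's code: a
minimal model of Fail2ban's filter + jail logic for checking a failregex
and the maxretry/findtime window offline against constructed log lines."""
import re

# What Fail2ban 0.8 substitutes for <HOST> in a failregex: an IPv4 address or
# hostname, optionally with an IPv4-mapped IPv6 prefix.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"


def compile_failregex(patterns):
    """Compile a jail's failregex lines, expanding <HOST> like fail2ban-regex."""
    return [re.compile(p.replace("<HOST>", HOST_RE)) for p in patterns]


# Jails mirroring the post's settings ([DEFAULT] maxretry = 2, findtime = 600).
# The sshd pattern is a simplified version of the stock sshd filter; the
# apache-dfind filter is an assumed custom one for the DFind scanner's probe.
JAILS = {
    "ssh-iptables": {
        "failregex": [r"sshd\[\d+\]: Failed password for .* from <HOST> port \d+"],
        "maxretry": 2, "findtime": 600,
    },
    "postfix": {  # same three lines as filter.d/postfix.local above
        "failregex": [r"reject: RCPT from (.*)\[<HOST>\]: 554",
                      r"reject: RCPT from (.*)\[<HOST>\]: 550",
                      r"reject: RCPT from (.*)\[<HOST>\]: 450"],
        "maxretry": 2, "findtime": 600,
    },
    "apache-dfind": {  # one probe is enough, like apache-badbots (maxretry = 1)
        "failregex": [r'^<HOST> -.*"GET /w00tw00t\.at\.ISC\.SANS\.DFind:\)'],
        "maxretry": 1, "findtime": 600,
    },
}


def find_failures(jail, entries):
    """Yield (timestamp, host) for each log entry matched by a failregex."""
    regexes = compile_failregex(jail["failregex"])
    for ts, line in entries:
        for rx in regexes:
            m = rx.search(line)
            if m:
                yield ts, m.group("host")
                break


def bans_for(jail, entries):
    """Apply the sliding window: a host is banned on the failure that brings it
    to maxretry failures within findtime seconds. Returns {host: ban time}."""
    recent = {}   # host -> failure timestamps still inside the window
    banned = {}
    for ts, host in sorted(find_failures(jail, entries)):
        if host in banned:
            continue
        window = [t for t in recent.get(host, []) if ts - t <= jail["findtime"]]
        window.append(ts)
        recent[host] = window
        if len(window) >= jail["maxretry"]:
            banned[host] = ts
    return banned


# Constructed sample logs as (epoch seconds, line); real Fail2ban parses the
# date out of each line, which is skipped here to keep the model short.
T0 = 1_300_000_000
SECURE_LOG = [
    (T0 + 0, "Mar 13 07:06:40 nemesis sshd[2314]: Failed password for root from 203.0.113.7 port 51022 ssh2"),
    (T0 + 5, "Mar 13 07:06:45 nemesis sshd[2314]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2"),
    (T0 + 10, "Mar 13 07:06:50 nemesis sshd[2320]: Failed password for bob from 198.51.100.4 port 40100 ssh2"),
    (T0 + 12, "Mar 13 07:06:52 nemesis sshd[2321]: Accepted publickey for alice from 198.51.100.4 port 40102 ssh2"),
    (T0 + 900, "Mar 13 07:21:40 nemesis sshd[2355]: Failed password for bob from 198.51.100.4 port 40101 ssh2"),
]
MAIL_LOG = [
    (T0 + 1, "Mar 13 07:06:41 nemesis postfix/smtpd[2400]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 554 5.7.1 <x@example.net>: Relay access denied; from=<a@example.org> to=<x@example.net> proto=ESMTP helo=<mail>"),
    (T0 + 2, "Mar 13 07:06:42 nemesis postfix/smtpd[2400]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 450 4.7.1 <y@example.net>: Recipient address rejected"),
]
ACCESS_LOG = [
    (T0 + 3, '203.0.113.44 - - [13/Mar/2011:07:06:43 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"'),
    (T0 + 4, '198.51.100.4 - - [13/Mar/2011:07:06:44 +0100] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"'),
]


def run_all():
    """Run each jail over its log; 198.51.100.4 is never banned because its
    two sshd failures are 890 s apart, outside findtime."""
    return {
        "ssh-iptables": bans_for(JAILS["ssh-iptables"], SECURE_LOG),
        "postfix": bans_for(JAILS["postfix"], MAIL_LOG),
        "apache-dfind": bans_for(JAILS["apache-dfind"], ACCESS_LOG),
    }


if __name__ == "__main__":
    for jail, banned in run_all().items():
        print(jail, sorted(banned))
```

On the server itself the equivalent check against a live log is `fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.local`, which reports how many lines each failregex matched. A jail whose filter matches nothing is the usual reason the mail action never fires: actionban, and with it the sendmail-whois mail, only runs once a ban actually happens, so a silent Fail2ban is more often a non-matching regex or a wrong logpath than a broken mail setup.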