#1 15. Juni 2012 Hallo zusammen, so Server läuft alles schön. Nun wollte ich noch Fail2ban ein wenig gesprächiger machen und mir Mails schicken lassen etc.... Nur irgendwie will der driss nicht so wie ich will... Oder kennt wer eine gute Alternative? Kennt sich auch wer mit sslh aus? Hat irgendwer eine gute Anleitung für CentOS und Fail2ban? Bin am Verzweifeln. Oder hat wer eine gute Konfiguration? Vielleicht sogar direkt noch ein paar Jails für ungebetene Gäste wie zum Beispiel dfind?! Standard Konfiguration: Code: # Fail2Ban configuration file # # Author: Cyril Jaquier # # $Revision: 747 $ # # The DEFAULT allows a global definition of the options. They can be override # in each jail afterwards. [DEFAULT] destemail = empfänger@googlemail.com banaction = iptables-multiport mta = sendmail ignoreip = 127.0.0.1 10.10.30.0/24 10.10.20.0/24 10.10.10.0/24 10.10.0.0/24 bantime = 86400 findtime = 600 maxretry = 2 backend = auto [ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] logpath = /var/log/secure maxretry = 2 [proftpd-iptables] enabled = false filter = proftpd action = iptables[name=ProFTPD, port=ftp, protocol=tcp] sendmail-whois[name=ProFTPD, dest=you@example.com] logpath = /var/log/proftpd/proftpd.log maxretry = 6 [sasl-iptables] enabled = false filter = sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=you@example.com] logpath = /var/log/mail.log [ssh-tcpwrapper] enabled = true filter = sshd action = hostsdeny sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from logpath = /var/log/secure [apache-tcpwrapper] enabled = true filter = apache-auth action = hostsdeny logpath = /var/log/apache*/*error.log /var/www/kbc*/logs/*error* /var/www/vpa*/logs/*error* maxretry = 2 [postfix-tcpwrapper] enabled = false filter = postfix action = hostsdeny[file=/not/a/standard/path/hosts.deny] 
sendmail[name=Postfix, dest=you@example.com] logpath = /var/log/postfix.log bantime = 300 [vsftpd-notification] enabled = false filter = vsftpd action = sendmail-whois[name=VSFTPD, dest=you@example.com] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 [vsftpd-iptables] enabled = false filter = vsftpd action = iptables[name=VSFTPD, port=ftp, protocol=tcp] sendmail-whois[name=VSFTPD, dest=you@example.com] logpath = /var/log/vsftpd.log maxretry = 5 bantime = 1800 [apache-badbots] enabled = true filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] sendmail-buffered[name=BadBots, lines=5, dest=you@example.com] logpath = /var/www/*/logs/access_log /var/log/apache*/*access* /var/www/kbc*/logs/*access* /var/www/vpa*/logs/*access* bantime = 172800 maxretry = 1 [apache-shorewall] enabled = true filter = apache-noscript action = shorewall sendmail[name=Postfix, dest=you@example.com] logpath = /var/log/httpd/error_log [php-url-fopen] enabled = false port = http,https filter = php-url-fopen logpath = /var/www/*/logs/access_log maxretry = 1 [ssh-ipfw] enabled = false filter = sshd action = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", dest=you@example.com] logpath = /var/log/auth.log ignoreip = 168.192.0.1 Die Konfiguration die ich Nutzen möchte: Code: [DEFAULT] destemail = empfänger@googlemail.com banaction = iptables-multiport mta = sendmail ignoreip = 127.0.0.1 10.10.30.0/24 10.10.20.0/24 10.10.10.0/24 10.10.0.0/24 bantime = 99999999 findtime = 600 maxretry = 2 backend = polling ############SSH########## [ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de] logpath = /var/log/secure maxretry = 2 [ssh-tcpwrapper] enabled = true filter = sshd action = hostsdeny sendmail-whois[name=SSH, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de] ignoreregex = for myuser from logpath = 
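/var/log/secure

########### APACHE ####

# Apache basic-auth failures -> /etc/hosts.deny (TCP wrappers, no iptables rule).
# One path per continuation line: fail2ban splits multi-value logpath/action
# entries on line breaks (older 0.8 releases only there), so several globs on a
# single line may be treated as one non-matching path - verify on the installed
# version with fail2ban-client status <jail>.
[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache*/*error.log
          /var/www/kbc*/logs/*error*
          /var/www/vpa*/logs/*error*
maxretry = 2

# maxretry = 1 with bantime = 999999 s (~11.5 days) bans a source on a single
# bad-bot match; behind a shared NAT that locks out every client on that address.
# sendmail-buffered (lines=5) batches the notifications instead of one mail per ban.
[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
         sendmail-buffered[name=BadBots, lines=5, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/www/*/logs/access_log
          /var/log/apache*/*access*
          /var/www/kbc*/logs/*access*
          /var/www/vpa*/logs/*access*
bantime = 999999
maxretry = 1

# name= is only the label used in the mail subject; the pasted copy carried
# name=Postfix over from the postfix jail, which made Apache alerts look like
# mail-server alerts.
[apache-shorewall]
enabled = true
filter = apache-noscript
action = shorewall
         sendmail[name=Apache, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/www/*/logs/error*
          /var/log/apache*/*error*
          /var/www/kbc*/logs/*error*
          /var/www/vpa*/logs/*error*

# No action key: the effective action has to come from [DEFAULT] (banaction is
# iptables-multiport there) with the port list given below - TODO confirm a
# default action really resolves on this fail2ban version, otherwise the jail
# detects but never bans.
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /var/www/*/logs/access_log
          /var/log/apache*/*access*
          /var/www/kbc*/logs/*access*
          /var/www/vpa*/logs/*access*
maxretry = 1

# Fixed: the pasted copy had "est=" instead of "dest=", so the whois mail for
# this jail would have gone to the action file's [Init] default recipient
# instead of the address given here.
[postfix]
enabled = false
filter = postfix
action = iptables[name=Postfix, port=smtp, protocol=tcp]
         sendmail-whois[name=Postfix, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/maillog
maxretry = 2

# The stock jail reads /var/log/proftpd/proftpd.log; /var/log/secure only works
# if proftpd is configured to log auth failures via syslog there - verify before
# enabling.
[proftpd-iptables]
enabled = false
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/secure
maxretry = 3

# [postfix] above reads /var/log/maillog (the CentOS default); /var/log/mail.log
# is the Debian path and is probably absent on this host - TODO confirm, the
# jail would otherwise fail to start when enabled.
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
logpath = /var/log/mail.log

# Fail2Ban filter.d/postfix.local configuration file
################################################
# www.sonoracomm.com
#
[Definition]
# Every pattern needs the <HOST> tag, otherwise fail2ban has no address to ban;
# the pasted copy showed "\[\]" because the tag was stripped as HTML.
# 450 is a temporary reject; banning on it can also hit legitimate senders that
# retry - consider keeping only the 554/550 lines.
failregex = reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 550
            reject: RCPT from (.*)\[<HOST>\]: 450
ignoreregex =

# Fail2Ban action.d/sendmail-whois.local configuration file
################################################
# www.sonoracomm.com
#
# NOTE(review): the <name>, <ip>, <failures>, <sender> and <dest> tags were
# stripped from the pasted copy (visible as "Fail2Ban <>", "dig -x " and a bare
# "sendmail -f"); they are restored here from the standard sendmail-whois
# action - diff against the stock sendmail-whois.conf before deploying.
[Definition]
actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              From: Fail2Ban <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
             From: Fail2Ban <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actioncheck =
# Runs as a shell pipeline on every ban with <ip> substituted from the <HOST>
# match; keep only fail2ban-provided tags in the command (no free-text log
# fields), since anything substituted here is executed by the shell.
actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
            From: Fail2Ban <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here are more information about <ip>:\n
            `/usr/bin/dig -x <ip>`\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
actionunban =

[Init]
name = default
dest = empfänger@gmail.com
# Ends at "fail2ban" in the pasted copy - probably truncated (the jails use
# fail2ban@nemesis.example.de); verify, an invalid envelope sender gets mail
# rejected by many relays.
sender = fail2ban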
#2 16. Juni 2012 AW: CentOS x64 Fail2ban Konfiguration und sslh Konfiguration Google-Suche und vor allem das Fail2ban-Manual gelesen? Ich vermute mal, dass dies nicht der Fall ist, was du aber, sofern du es verstehen willst, nachholen solltest. btw. bantime "-1" = "für immer" (wobei ich da aufpassen würde ...)
#3 29. August 2012 AW: CentOS x64 Fail2ban Konfiguration und sslh Konfiguration Logfiles vom Sendmail wären toll (wenn es daran scheitert!)
#4 29. August 2012 AW: CentOS x64 Fail2ban Konfiguration und sslh Konfiguration Hi, danke für die Rückmeldung, aber das Thema ist schon fast 3 Monate alt. Ich hab's dann irgendwie selbst gelöst :-D BW hast du aber! Closed!