CentOs x64 Fail2ban Konfiguration und sslh konfiguration

Dieses Thema im Forum "Linux & BSD" wurde erstellt von Excelsus, 15. Juni 2012 .

Schlagworte:
Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. 15. Juni 2012
    Hallo zusammen,

    so Server läuft alles schön. Nun wollte ich noch Fail2ban ein wenig gesprächiger machen und mir Mails schicken lassen etc.... Nur irgendwie will der driss nicht so wie ich will... Oder kennt wer eine gute Alternative?

    Kennt sich auch wer mit sslh aus?

    Hat irgendwer eine gute Anleitung für CentOS und Fail2ban? Bin am Verzweifeln. Oder hat wer eine gute Konfiguration? Vielleicht sogar direkt noch ein paar Jails für ungebetene Gäste wie zum Beispiel dfind?!


    Standard Konfiguration:
    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 747 $
    #
    
    # The DEFAULT allows a global definition of the options. They can be override
    # in each jail afterwards.
    
    [DEFAULT]
    destemail = empfänger@googlemail.com
    banaction = iptables-multiport
    mta = sendmail
    ignoreip = 127.0.0.1 10.10.30.0/24 10.10.20.0/24 10.10.10.0/24 10.10.0.0/24
    
    bantime = 86400
    
    findtime = 600
    
    maxretry = 2
    
    backend = auto
    
    
    [ssh-iptables]
    
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
     sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
    logpath = /var/log/secure
    maxretry = 2
    
    [proftpd-iptables]
    
    enabled = false
    filter = proftpd
    action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
     sendmail-whois[name=ProFTPD, dest=you@example.com]
    logpath = /var/log/proftpd/proftpd.log
    maxretry = 6
    
    [sasl-iptables]
    
    enabled = false
    filter = sasl
    backend = polling
    action = iptables[name=sasl, port=smtp, protocol=tcp]
     sendmail-whois[name=sasl, dest=you@example.com]
    logpath = /var/log/mail.log
    
    [ssh-tcpwrapper]
    
    enabled = true
    filter = sshd
    action = hostsdeny
     sendmail-whois[name=SSH, dest=you@example.com]
    ignoreregex = for myuser from
    logpath = /var/log/secure
    
    [apache-tcpwrapper]
    
    enabled = true
    filter = apache-auth
    action = hostsdeny
    logpath = /var/log/apache*/*error.log
     /var/www/kbc*/logs/*error*
     /var/www/vpa*/logs/*error*
    maxretry = 2
    
    
    [postfix-tcpwrapper]
    
    enabled = false
    filter = postfix
    action = hostsdeny[file=/not/a/standard/path/hosts.deny]
     sendmail[name=Postfix, dest=you@example.com]
    logpath = /var/log/postfix.log
    bantime = 300
    
    [vsftpd-notification]
    
    enabled = false
    filter = vsftpd
    action = sendmail-whois[name=VSFTPD, dest=you@example.com]
    logpath = /var/log/vsftpd.log
    maxretry = 5
    bantime = 1800
    
    [vsftpd-iptables]
    
    enabled = false
    filter = vsftpd
    action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
     sendmail-whois[name=VSFTPD, dest=you@example.com]
    logpath = /var/log/vsftpd.log
    maxretry = 5
    bantime = 1800
    
    [apache-badbots]
    
    enabled = true
    filter = apache-badbots
    action = iptables-multiport[name=BadBots, port="http,https"]
     sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
    logpath = /var/www/*/logs/access_log
     /var/log/apache*/*access*
     /var/www/kbc*/logs/*access*
     /var/www/vpa*/logs/*access*
    bantime = 172800
    maxretry = 1
    
    [apache-shorewall]
    
    enabled = true
    filter = apache-noscript
    action = shorewall
     sendmail[name=Postfix, dest=you@example.com]
    logpath = /var/log/httpd/error_log
    
    [php-url-fopen]
    
    enabled = false
    port = http,https
    filter = php-url-fopen
    logpath = /var/www/*/logs/access_log
    maxretry = 1
    
    [ssh-ipfw]
    
    enabled = false
    filter = sshd
    action = ipfw[localhost=192.168.0.1]
     sendmail-whois[name="SSH,IPFW", dest=you@example.com]
    logpath = /var/log/auth.log
    ignoreip = 168.192.0.1
    

    Die Konfiguration die ich Nutzen möchte:

    Code:
    [DEFAULT]
    destemail = empfänger@googlemail.com
    banaction = iptables-multiport
    mta = sendmail
    
    ignoreip = 127.0.0.1 10.10.30.0/24 10.10.20.0/24 10.10.10.0/24 10.10.0.0/24 
    bantime = 99999999
    findtime = 600
    maxretry = 2
    backend = polling
    
    ############SSH##########
    [ssh-iptables]
    
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
    sendmail-whois[name=SSH, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    logpath = /var/log/secure
    maxretry = 2
    
    [ssh-tcpwrapper]
    
    enabled = true
    filter = sshd
    action = hostsdeny
     sendmail-whois[name=SSH, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    ignoreregex = for myuser from
    logpath = /var/log/secure
    
    ###########APACHE####
    
    [apache-tcpwrapper]
    
    enabled = true
    filter = apache-auth
    action = hostsdeny
    logpath = /var/log/apache*/*error.log
     /var/www/kbc*/logs/*error*
     /var/www/vpa*/logs/*error*
    maxretry = 2
    
    [apache-badbots]
    
    enabled = true
    filter = apache-badbots
    action = iptables-multiport[name=BadBots, port="http,https"]
     sendmail-buffered[name=BadBots, lines=5, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    logpath = /var/www/*/logs/access_log
     /var/log/apache*/*access*
     /var/www/kbc*/logs/*access*
     /var/www/vpa*/logs/*access*
    bantime = 999999
    maxretry = 1
    
    [apache-shorewall]
    
    enabled = true
    filter = apache-noscript
    action = shorewall
     sendmail[name=Postfix, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    logpath = /var/www/*/logs/error*
     /var/log/apache*/*error*
     /var/www/kbc*/logs/*error*
     /var/www/vpa*/logs/*error*
     
    [php-url-fopen]
    
    enabled = true
    port = http,https
    filter = php-url-fopen
    logpath = /var/www/*/logs/access_log
     /var/log/apache*/*access*
     /var/www/kbc*/logs/*access*
     /var/www/vpa*/logs/*access*
    maxretry = 1
    
    
    [postfix]
    
    enabled = false
    filter = postfix
    action = iptables[name=Postfix, port=smtp, protocol=tcp]
    sendmail-whois[name=Postfix, est=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    logpath = /var/log/maillog
    maxretry = 2
    
    
    [proftpd-iptables]
    
    enabled = false 
    filter = proftpd
    action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
     sendmail-whois[name=ProFTPD, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    logpath = /var/log/secure
    maxretry = 3
    
    [sasl-iptables]
    
    enabled = false
    filter = sasl
    backend = polling
    action = iptables[name=sasl, port=smtp, protocol=tcp]
     sendmail-whois[name=sasl, dest=empfänger@gmail.com, sender=fail2ban@nemesis.example.de]
    logpath = /var/log/mail.log
    
    # Fail2Ban filter.d/postfix.local configuration file
    ################################################
    # www.sonoracomm.com
    #
    [Definition]
    
    failregex = reject: RCPT from (.*)\[\]: 554
    reject: RCPT from (.*)\[\]: 550
    reject: RCPT from (.*)\[\]: 450
    
    ignoreregex = 
    
    
    # Fail2Ban action.d/sendmail-whois.local configuration file
    ################################################
    # www.sonoracomm.com
    #
    [Definition]
    
    actionstart = echo -en "Subject: [Fail2Ban] : started
    From: Fail2Ban <>
    To: \n
    Hi,\n
    The jail has been started successfully.\n
    Regards,\n
    Fail2Ban" | /usr/sbin/sendmail -f 
    
    actionstop = echo -en "Subject: [Fail2Ban] : stopped
    From: Fail2Ban <>
    To: \n
    Hi,\n
    The jail has been stopped.\n
    Regards,\n
    Fail2Ban" | /usr/sbin/sendmail -f 
    
    actioncheck = 
    
    actionban = echo -en "Subject: [Fail2Ban] : banned 
    From: Fail2Ban <>
    To: \n
    Hi,\n
    The IP has just been banned by Fail2Ban after
    attempts against .\n\n
    Here are more information about :\n
    `/usr/bin/dig -x `\n
    Regards,\n
    Fail2Ban" | /usr/sbin/sendmail -f 
    
    actionunban = 
    
    [Init]
    name = default
    dest = empfänger@gmail.com
    sender = fail2ban
    
     
  2. 16. Juni 2012
    AW: CentOs x64 Fail2ban Konfiguration und sslh konfiguration

    google suche und vorallem die fail2ban manual gelesen? Ich vermute mal das dies nicht der Fall ist, was du aber, sofern du es verstehen willst, nachholen solltest.

    btw. "-1" = "für immer" (wobei ich da aufpassen würde..)
     
    1 Person gefällt das.
  3. 29. August 2012
    AW: CentOs x64 Fail2ban Konfiguration und sslh konfiguration

    logfiles vom sendmail wären toll (wenns daran scheitert!)
     
    1 Person gefällt das.
  4. 29. August 2012
    AW: CentOs x64 Fail2ban Konfiguration und sslh konfiguration

    Hi danke für die Rückmeldung, aber das Thema ist schon fast 3 Monate alt. Ich habs dann mal selbst gelöst irgendwie :-D

    BW haste aber!

    Closed!
     
  5. Video Script

    Videos zum Themenbereich

    * gefundene Videos auf YouTube, anhand der Überschrift.