Fail2Ban (Linux): Difference between revisions

Zeile 92: Zeile 92:
[DEFAULT]
[DEFAULT]
# Destination email for action that send you an email
# Destination email for action that send you an email
destemail = fail2ban@mydomain.example
destemail = admin@<domain>


# Sender email. Warning: not all actions take this into account. Make sure to test if you rely on this
# Sender email. Warning: not all actions take this into account. Make sure to test if you rely on this
sender    = fail2ban@mydomain.example
sender    = admin@<domain>


# Default action. Will block user and send you an email with whois content and log lines.
# Default action. Will block user and send you an email with whois content and log lines.
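Review bot: the new values destemail = admin@<domain> and sender = admin@<domain> in the [DEFAULT] block use an angle-bracket placeholder that the page never explains, so a reader who copies the block unchanged ends up with a literal <domain> in both addresses. Add a sentence above the block saying that <domain> has to be replaced with the real mail domain. Since the comment above sender warns that not all actions take it into account, it would also help to say which action the author tested it with.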
Zeile 103: Zeile 103:
banaction = nftables-multiport
banaction = nftables-multiport
chain    = input
chain    = input
</pre>
</pre>



Revision as of 31 March 2020, 16:56

Still a work in progress


Installation

The trailing minus in iptables- prevents iptables from being installed along with fail2ban.

sudo apt-get install fail2ban iptables-

Configuration

/etc/nftables/fail2ban.conf

The directory /etc/nftables/ does not exist and has to be created first:

sudo mkdir /etc/nftables/

Then create the file

sudo vi /etc/nftables/fail2ban.conf

and fill it with the following content:

#!/usr/sbin/nft -f

# Use ip as fail2ban doesn't support ipv6 yet
table ip fail2ban {
  chain input {
    # nftables evaluates lower priority values first, so at priority 100 this chain runs
    # after chains with a lower value (e.g. a filter chain at priority 0); a drop here is still final
    type filter hook input priority 100;
  }
}

Include the file created above in

sudo vi /etc/nftables.conf

directly after flush ruleset:

#!/usr/sbin/nft -f

flush ruleset

include "/etc/nftables/fail2ban.conf"

...

For the new table to become active, the configuration has to be reloaded once more:

sudo systemctl reload nftables.service

/etc/fail2ban/action.d/nftables-common.local

sudo vi /etc/fail2ban/action.d/nftables-common.local

[Init]
# Definition of the table used
nftables_family = ip
nftables_table  = fail2ban

# Drop packets 
blocktype       = drop

# Remove nftables prefix. Set names are limited to 15 char so we want them all
nftables_set_prefix =

/etc/fail2ban/jail.local

sudo vi /etc/fail2ban/jail.local

[DEFAULT]
# Destination email for action that send you an email
destemail = admin@<domain>

# Sender email. Warning: not all actions take this into account. Make sure to test if you rely on this
sender    = admin@<domain>

# Default action. Will block user and send you an email with whois content and log lines.
action    = %(action_mwl)s

# configure nftables
banaction = nftables-multiport
chain     = input
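
The three files above only work together if the family, table and chain named in the Fail2Ban settings match what the nftables file declares, and nft names are case-sensitive. The following consistency check is an added example, not part of the original page or of Fail2Ban; the function names (ini_get, nft_has_chain, check_f2b_nft, demo) are hypothetical, the sample files are constructed from the snippets above, and it assumes each key is set once per file.

```shell
#!/bin/sh
# Added example (not from the original page): cross-check the three files above.

# ini_get FILE KEY: print the last "KEY = value" value in FILE (sections are ignored).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# nft_has_chain FILE FAMILY TABLE CHAIN: succeed if FILE declares that chain
# inside "table FAMILY TABLE". nft names are case-sensitive, so compare exactly.
nft_has_chain() {
    awk -v fam="$2" -v tbl="$3" -v ch="$4" '
        $1 == "table" { in_t = ($2 == fam && $3 == tbl); next }
        in_t && $1 == "chain" && $2 == ch { found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# check_f2b_nft NFT_CONF COMMON_LOCAL JAIL_LOCAL: return 0 when the files agree.
check_f2b_nft() {
    fam=$(ini_get "$2" nftables_family); tbl=$(ini_get "$2" nftables_table)
    ch=$(ini_get "$3" chain);            act=$(ini_get "$3" banaction)
    rc=0
    case "$act" in
        nftables-*) ;;
        *) echo "banaction '$act' is not an nftables action" >&2; rc=1 ;;
    esac
    if ! nft_has_chain "$1" "$fam" "$tbl" "$ch"; then
        echo "$1 has no chain '$ch' in table '$fam $tbl'" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample input: the page's three files, with the jail chain name as $1.
demo() {
    d=$(mktemp -d) || return 2
    printf 'table ip fail2ban {\n  chain input {\n    type filter hook input priority 100;\n  }\n}\n' > "$d/nft"
    printf '[Init]\nnftables_family = ip\nnftables_table  = fail2ban\n' > "$d/common"
    printf '[DEFAULT]\nbanaction = nftables-multiport\nchain     = %s\n' "$1" > "$d/jail"
    check_f2b_nft "$d/nft" "$d/common" "$d/jail"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo input && echo "chain = input: consistent"
demo INPUT 2>/dev/null || echo "chain = INPUT: mismatch detected"
```

On a real host, call check_f2b_nft /etc/nftables/fail2ban.conf /etc/fail2ban/action.d/nftables-common.local /etc/fail2ban/jail.local before restarting Fail2Ban.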

Links

https://wiki.meurisse.org/wiki/Fail2Ban

https://wiki.ubuntuusers.de/fail2ban/

https://peters-christoph.de/blog/server/sicherheit-mit-fail2ban-erhoehen-postfix-ssh/

https://www.thomas-krenn.com/de/wiki/SSH_Login_unter_Debian_mit_fail2ban_absichern

