
Install fail2ban (brute-force attacks):

Add your own config file, /etc/fail2ban/jail.local (local overrides for /etc/fail2ban/jail.conf):

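root@elkseo:/etc/fail2ban# cat jail.local
[DEFAULT]
# The IPs are examples. Single hosts take /32 (or no suffix); a /8 suffix
# would exempt the whole 193.0.0.0/8 and 87.0.0.0/8 networks from banning.
ignoreip = 127.0.0.1/8 193.28.229.18/32 87.123.1.156/32

[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 4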

Reload the service:

service fail2ban reload

fail2ban installation with Salt:

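Create an SLS file (on the Salt master, under /srv/salt/base/system):

# Install the package and keep the service running;
# restart it whenever the managed jail.local changes.
fail2ban:
  pkg:
    - installed
  service:
    - running
    - require:
      - pkg: fail2ban
    - watch:
      - file: /etc/fail2ban/jail.local

# Distribute jail.local from the Salt file server once the package is installed.
/etc/fail2ban/jail.local:
  file:
    - managed
    - source: salt://system/files/fail2ban/jail.local
    - require:
      - pkg: fail2ban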

Create a "jail.local" file:

/srv/salt/base/system/files/fail2ban# cat jail.local

[DEFAULT]
# both IPs from our provider Telekom & I/T/B/P (the IPs are examples)
# Single hosts take /32 (or no suffix); a /8 suffix would exempt the whole
# 193.0.0.0/8 and 87.0.0.0/8 networks from banning.
ignoreip = 127.0.0.1/8 193.28.229.18/32 87.123.1.156/32

[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 4
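
Added example, not part of the original post: a Python check that can be run over jail.local before Salt distributes it. It flags ignoreip entries that are not IP addresses or that exempt a large public network (a /8 suffix on a single address covers the whole /8). The function name, the prefix thresholds and the sample file are assumptions made for this example.

```python
import configparser
import ipaddress
import re

# Constructed sample: an over-broad mask and a stray annotation on the value line.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 193.28.229.18/8 87.123.1.156/32 (examples!)

[ssh]
enabled = true
maxretry = 4
"""


def audit_ignoreip(text, min_v4=24, min_v6=64):
    """Return (entry, network, reason) for every suspicious ignoreip entry.

    min_v4/min_v6 are assumed policy thresholds: public networks with a
    shorter prefix than this are reported.
    """
    # fail2ban files use %(name)s substitution; disable it so parsing never fails.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    values = {cp.defaults().get("ignoreip", "")}
    values |= {cp[s].get("ignoreip", "") for s in cp.sections()}
    # Entries are separated by spaces and/or commas.
    entries = sorted({e for v in values for e in re.split(r"[\s,]+", v) if e})
    findings = []
    for entry in entries:
        try:
            # strict=False masks host bits the way the /N suffix is applied.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, None, "not an IP or CIDR, handled as a host name"))
            continue
        if net.is_loopback or net.is_private:
            continue
        if net.prefixlen < (min_v4 if net.version == 4 else min_v6):
            findings.append((entry, str(net), f"exempts {net.num_addresses} public addresses"))
    return findings


if __name__ == "__main__":
    for entry, net, reason in audit_ignoreip(SAMPLE_JAIL_LOCAL):
        print(f"{entry}: {net or '-'}: {reason}")
```

An empty result means every ignoreip entry is loopback, private, or a narrow public range.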

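Test run with Salt (the keyword is lowercase test=True; Salt keyword arguments are case-sensitive):

salt '<MinionName>' state.sls system.fail2ban test=True

Example output without errors. The states report Changed with real run times, so this output comes from a run that applied them; a dry run with test=True only reports what would change: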

MinionHost:
  Name: fail2ban - Function: pkg.installed - Result: Changed Started: - 14:18:34.591594 Duration: 10542.681 ms
  Name: /etc/fail2ban/jail.local - Function: file.managed - Result: Changed Started: - 14:18:45.228883 Duration: 23.988 ms
  Name: fail2ban - Function: service.running - Result: Changed Started: - 14:18:45.295799 Duration: 1509.88 ms
 
Summary for MinionHost
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3

Check the log file:

tail -f /var/log/fail2ban.log
2017-02-20 14:18:46,761 fail2ban.jail           [172653]: INFO    Initiated 'pyinotify' backend
2017-02-20 14:18:46,763 fail2ban.filter         [172653]: INFO    Set jail log file encoding to UTF-8
2017-02-20 14:18:46,763 fail2ban.actions        [172653]: INFO    Set banTime = 600
2017-02-20 14:18:46,765 fail2ban.filter         [172653]: INFO    Added logfile = /var/log/auth.log
2017-02-20 14:18:46,767 fail2ban.filter         [172653]: INFO    Set findtime = 600
2017-02-20 14:18:46,767 fail2ban.filter         [172653]: INFO    Set maxRetry = 4
2017-02-20 14:18:46,767 fail2ban.filter         [172653]: INFO    Set maxlines = 10
2017-02-20 14:18:46,784 fail2ban.server         [172653]: INFO    Jail ssh is not a JournalFilter instance
2017-02-20 14:18:46,789 fail2ban.jail           [172653]: INFO    Jail 'sshd' started
2017-02-20 14:18:46,792 fail2ban.jail           [172653]: INFO    Jail 'ssh' started
