Fail2ban

fail2ban

Install

On Debian, create /etc/fail2ban/jail.local:

#[DEFAULT]
#bantime = 1h

[sshd]
enabled = true
banaction = nftables-multiport
banaction_allports = nftables-allports

Add a service (shibboleth-idp)

Add a filter rule:

$ cat /etc/fail2ban/filter.d/shibboleth-idp.conf
# Fail2Ban filter for Shibboleth-IdP
# Detecting unauthorized access to the Shibboleth IdP
# typically logged in /opt/shibboleth-idp/logs/idp-process.log

[Definition]
failregex = ^.*Lockout threshold reached for '.*!<HOST>', invalid count is 5$

Test the filter against the log with fail2ban-regex:

   fail2ban-regex /opt/shibboleth-idp/logs/idp-process.log /etc/fail2ban/filter.d/shibboleth-idp.conf

Add a custom jail:

$ cat /etc/fail2ban/jail.d/shibboleth-idp.conf
[shibboleth-idp]
#port    = http,https
logpath = /opt/shibboleth-idp/logs/idp-process.log
enabled = true
banaction = nftables-multiport
banaction_allports = nftables-allports
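
The failregex above can also be checked offline. The following is an added example, not part of the original page or of fail2ban itself: it applies the same failregex to constructed log lines and shows which addresses would be banned and which lockout lines the filter misses. The HOST pattern is a simplified stand-in for fail2ban's own <HOST> expansion, and the log prefix layout is an assumption.

```python
import re

# failregex copied from the filter file on this page
FAILREGEX = r"^.*Lockout threshold reached for '.*!<HOST>', invalid count is 5$"

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: IPv4 or
# IPv6 literals only; fail2ban's own pattern also accepts DNS names).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)"

# Constructed sample lines; the prefix layout is illustrative, not real IdP output.
SAMPLE_LOG = """\
2024-05-01 10:15:02,123 - WARN - Lockout threshold reached for 'alice!192.0.2.10', invalid count is 5
2024-05-01 10:15:09,456 - WARN - Lockout threshold reached for 'dept!bob!198.51.100.7', invalid count is 5
2024-05-01 10:16:30,001 - WARN - Lockout threshold reached for 'carol!2001:db8::1', invalid count is 5
2024-05-01 10:17:44,900 - WARN - Lockout threshold reached for 'dave!203.0.113.5', invalid count is 6
2024-05-01 10:18:00,000 - INFO - Login succeeded for 'erin'
"""


def compile_failregex(failregex):
    """Substitute the <HOST> tag the way a filter author expects it to behave."""
    return re.compile(failregex.replace("<HOST>", HOST))


def hosts_to_ban(log_text, failregex=FAILREGEX):
    """Return the address captured from every line the filter matches."""
    rx = compile_failregex(failregex)
    hits = []
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hits.append(m.group("host"))
    return hits


def missed_lockouts(log_text, failregex=FAILREGEX):
    """Lockout lines the filter ignores, e.g. because the count is not 5."""
    rx = compile_failregex(failregex)
    return [line for line in log_text.splitlines()
            if "Lockout threshold reached" in line and not rx.search(line)]


if __name__ == "__main__":
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
    for line in missed_lockouts(SAMPLE_LOG):
        print("not matched:", line)
```

Because the pattern ends in a literal "invalid count is 5", a lockout logged with any other count is not matched, so the filter has to be kept in step with the IdP's lockout threshold.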