FreeBSD - fail2ban

Installation

 cd /usr/ports/security/py-fail2ban
 make install clean

/usr/local/etc/fail2ban/jail.conf

 [DEFAULT]
 
 ignoreip = 127.0.0.1
 bantime  = 600
 findtime  = 600
 maxretry = 3
 backend = auto
 
 
 [proftpd-ipfw]
 
 enabled  = true
 filter   = proftpd
 action   = ipfw[localhost=me]
 logpath  = /var/log/proftpd/error.log
 maxretry = 6
 
 
 [ssh-ipfw]
 
 enabled  = true
 filter   = sshd
 action   = ipfw[localhost=me]
 logpath  = /var/log/auth.log
 

/usr/local/etc/fail2ban/action.d/ipfw.conf

 ...
 
 # actionban = ipfw add deny tcp from <ip> to <localhost> <port>
 actionban = ipfw table 0 add <ip>
 
 ...
 
 # actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
 # <ip> is deleted directly: grep would also match other table entries that contain <ip> as a substring
 actionunban = ipfw table 0 delete <ip>
 
 ...
 

Adding rules to ipfw

Add a deny rule

 ipfw add deny ip from "table(0)" to me

Verification

Check that brute-forcers are being caught

 ipfw table 0 list

Check that the filter works, using proftpd as an example

 fail2ban-regex /var/log/proftpd/error.log /usr/local/etc/fail2ban/filter.d/proftpd.conf

Starting the service

 echo 'fail2ban_enable="YES"' >> /etc/rc.conf
 /usr/local/etc/rc.d/fail2ban start
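
As an added example (not part of the original post and not fail2ban's own code), this simplified model shows how the [ssh-ipfw] jail turns auth.log lines into the `ipfw table 0` commands from ipfw.conf, using the [DEFAULT] values findtime = 600, maxretry = 3, bantime = 600 and ignoreip = 127.0.0.1. The regex is a simplified stand-in for the sshd filter, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values the [ssh-ipfw] jail inherits from [DEFAULT] in jail.conf
IGNOREIP = {"127.0.0.1"}
BANTIME, FINDTIME, MAXRETRY = 600, 600, 3
# Simplified stand-in for the sshd filter's failregex (assumption, not the shipped filter)
FAILREGEX = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")

# Constructed sample lines in auth.log format (documentation address ranges)
SAMPLE_LOG = """\
Dec  8 15:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4001 ssh2
Dec  8 15:00:05 host sshd[812]: Failed password for invalid user test from 203.0.113.7 port 4002 ssh2
Dec  8 15:00:09 host sshd[813]: Failed password for root from 127.0.0.1 port 4003 ssh2
Dec  8 15:00:10 host sshd[814]: Failed password for root from 127.0.0.1 port 4004 ssh2
Dec  8 15:00:11 host sshd[815]: Failed password for root from 127.0.0.1 port 4005 ssh2
Dec  8 15:02:00 host sshd[816]: Failed password for admin from 198.51.100.20 port 4006 ssh2
Dec  8 15:03:30 host sshd[817]: Failed password for root from 203.0.113.7 port 4007 ssh2
Dec  8 15:20:00 host sshd[818]: Failed password for admin from 198.51.100.20 port 4008 ssh2
Dec  8 15:21:00 host sshd[819]: Failed password for admin from 198.51.100.20 port 4009 ssh2
"""

def simulate(log_text, year=2011):
    """Return sorted (timestamp, command) pairs for the bans and unbans the jail would issue."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still inside findtime
    banned_until = {}              # ip -> time at which the ban expires
    events = []
    for line in log_text.splitlines():
        m = FAILREGEX.search(line)
        if not m or m.group(1) in IGNOREIP:
            continue               # not a failure line, or an address listed in ignoreip
        ip = m.group(1)
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            continue               # already in table 0, nothing to do
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()       # failure is older than findtime, forget it
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            events.append((ts, f"ipfw table 0 add {ip}"))                  # actionban
            events.append((banned_until[ip], f"ipfw table 0 delete {ip}")) # actionunban
            window.clear()
    return sorted(events)

if __name__ == "__main__":
    for when, cmd in simulate(SAMPLE_LOG):
        print(when, cmd)
```

Only 203.0.113.7 is banned: 127.0.0.1 is covered by ignoreip, and the three failures from 198.51.100.20 never fall inside one 600-second findtime window.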

blog/2011/12/08-freebsd_-_fail2ban.txt · Last modified: 2011/12/08 15:23, Антон Бугреев