
fail2ban + cccam problem

This thread in the forum "Zona: Linux-Server" was started by Nexet, 18 June 2012.

  1. Nexet
    Offline

    Nexet Is here occasionally

    Registered:
    25 March 2012
    Posts:
    58
    Likes:
    0
    Trophy points:
    0
    Hi everyone, while browsing around I found the fail2ban software, which helps protect the server from attacks via ssh, ftp, etc., and it can also be used to kick some unwanted hosts off CCcam. Could someone help me understand how to configure it? Thanks a lot.
     
    #1
  3. meister85
    Offline

    meister85 VIP

    Registered:
    21 September 2009
    Posts:
    7,927
    Likes:
    5,229
    Trophy points:
    113
    Re: fail2ban + cccam

    Do it like this:

    Code:
    apt-get install fail2ban
    Code:
    nano /etc/fail2ban/jail.conf
    Here you have to insert these rules:

    Code:
    [cccam_sigfail]  
    enabled = true 
    port = 12000 
    filter = cccam-signature 
    logpath = /var/log/syslog 
    bantime = 1800 
    maxretry = 10   
    
    [cccam_badcmd]  
    enabled = true 
    port = 12000 
    filter = cccam-command 
    logpath = /var/log/syslog 
    bantime  = 1800 
    maxretry = 10   
    
    [cccam_2login]  
    enabled = true 
    port = 12000 
    filter = cccam-login 
    logpath = /var/log/syslog 
    bantime = 1800 
    maxretry = 10   
    
    [cccam_illegal]  
    enabled = true  
    port = 12000  
    filter = cccam-illegal  
    logpath = /var/log/syslog 
    bantime = 1800  
    maxretry = 10
    You have to change port 12000 if yours is a different one!!

    After doing all this you have to configure a few files!

    Code:
    nano /etc/fail2ban/filter.d/cccam-signature.conf
    Here you insert this:

    Code:
    [Definition] 
    failregex = CCcam: kick <HOST>, signature failed 
    ignoreregex =
    Code:
    nano /etc/fail2ban/filter.d/cccam-login.conf
    Code:
    [Definition] 
    failregex = CCcam: double login .*, .* \(<HOST>\) 
    ignoreregex =
    Code:
    nano /etc/fail2ban/filter.d/cccam-command.conf
    Code:
    [Definition] 
    failregex = CCcam: kick <HOST>.*, bad command 
    ignoreregex =
    Code:
    nano /etc/fail2ban/filter.d/cccam-illegal.conf
    Code:
    [Definition]  
    failregex = CCcam: illegal user .* from <HOST>  
    ignoreregex =
    That's all, now you just have to restart the daemon!

    Code:
    /etc/init.d/fail2ban restart
    To see whether someone has tried to get into the server without permission, you can run this command:

    Code:
    tail -f /var/log/fail2ban.log
    The host's IP should also show up in iptables:

    Code:
    iptables -L
     
    #2
    elcoro likes this.
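
Added example, not part of the original post: a dry run of the four `failregex` lines above against constructed syslog lines, tallying hits per jail and host against `maxretry = 10`. The `<HOST>` expansion is a simplified stand-in and the sample log lines are assumptions shaped only to fit the regexes; real CCcam output may differ.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 or hostname); assumption.
HOST = r"(?P<host>[\w\-.]+)"

# failregex lines copied from the four filter files in the post above.
FILTERS = {
    "cccam-signature": r"CCcam: kick <HOST>, signature failed",
    "cccam-login": r"CCcam: double login .*, .* \(<HOST>\)",
    "cccam-command": r"CCcam: kick <HOST>.*, bad command",
    "cccam-illegal": r"CCcam: illegal user .* from <HOST>",
}
MAXRETRY = 10  # same threshold as every jail in the post

# Constructed syslog lines (not real CCcam output), built to fit the regexes.
SAMPLE_LOG = [
    "Jun 20 14:30:%02d srv CCcam: illegal user test%d from 203.0.113.7" % (i, i)
    for i in range(10)
] + [
    "Jun 20 14:31:00 srv CCcam: kick 198.51.100.4, signature failed",
    "Jun 20 14:31:05 srv CCcam: double login alice, kicked (198.51.100.9)",
    "Jun 20 14:31:09 srv CCcam: kick 198.51.100.4 (bob), bad command",
    "Jun 20 14:31:12 srv CCcam: client carol connected from 192.0.2.1",
]


def dry_run(lines):
    """Return {filter name: Counter(host -> matching lines)}."""
    compiled = {n: re.compile(p.replace("<HOST>", HOST)) for n, p in FILTERS.items()}
    hits = {name: Counter() for name in FILTERS}
    for line in lines:
        for name, rx in compiled.items():
            m = rx.search(line)
            if m:
                hits[name][m.group("host")] += 1
    return hits


def would_ban(hits):
    """Hosts reaching maxretry within one jail (findtime is ignored here)."""
    return {name: sorted(h for h, c in cnt.items() if c >= MAXRETRY)
            for name, cnt in hits.items()}


if __name__ == "__main__":
    print(would_ban(dry_run(SAMPLE_LOG)))
```

Each jail keeps its own counter, so 198.51.100.4 is counted once in `cccam-signature` and once in `cccam-command` rather than twice in one place. On the server itself, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/cccam-illegal.conf` runs the same kind of check against the real log.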
  4. Nexet
    Perfect, thanks a lot. So in practice I only have to create the filters and edit the conf; fail2ban works on CCcam by saving the IP and banning it after a certain number of attempts, nothing more, right?

    Oh, one question: why doesn't it send me the notification e-mail when someone gets banned? I have also configured the two lines like this:
    Code:
    [DEFAULT]
    
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1/8
    bantime  = 600
    maxretry = 3
    
    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    #      This issue left ToDo, so polling is default backend for now
    backend = polling
    
    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = la mia e-mail
    #
    # ACTIONS
    #
    
    # Default banning action (e.g. iptables, iptables-new,
    # iptables-multiport, shorewall, etc) It is used to define
    # action_* variables. Can be overridden globally or per
    # section within jail.local file
    banaction = iptables-multiport
    
    # email action. Since 0.8.1 upstream fail2ban uses sendmail
    # MTA for the mailing. Change mta configuration parameter to mail
    # if you want to revert to conventional 'mail'.
    mta = sendmail
    
    # Default protocol
    protocol = tcp
    
    # Specify chain where jumps would need to be added in iptables-* actions
    chain = INPUT
    
    #
    # Action shortcuts. To be used to define action parameter
    
    # The simplest action to take: ban only
    action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report to the destemail.
    action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                  %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                   %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
    
    # Choose default action.  To change, just override value of 'action' with the
    # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
    # globally (section [DEFAULT]) or per specific section
    action = %(action_)s
    
     
    Last edited by a moderator: 19 June 2012
    #3
  5. meister85
    Re: fail2ban + cccam

    Restart fail2ban and post the fail2ban.log!
     
    #4
  6. Nexet
    Re: fail2ban + cccam

    I restarted it and deliberately got the logins wrong to see whether it would ban me and send the e-mail, but it only does the ban; the e-mail doesn't arrive.
    Code:
    2012-06-20 14:27:19,170 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-06-20 14:27:19,171 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-06-20 14:27:19,171 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-06-20 14:27:19,188 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,189 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,191 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,192 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,240 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
    2012-06-20 14:27:19,240 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses poller
    2012-06-20 14:27:19,242 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,243 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,245 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,245 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,253 fail2ban.jail   : INFO   Creating new jail 'apache'
    2012-06-20 14:27:19,253 fail2ban.jail   : INFO   Jail 'apache' uses poller
    2012-06-20 14:27:19,254 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,255 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,256 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,266 fail2ban.jail   : INFO   Creating new jail 'apache-multiport'
    2012-06-20 14:27:19,266 fail2ban.jail   : INFO   Jail 'apache-multiport' uses poller
    2012-06-20 14:27:19,268 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,269 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,270 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,277 fail2ban.jail   : INFO   Creating new jail 'apache-noscript'
    2012-06-20 14:27:19,278 fail2ban.jail   : INFO   Jail 'apache-noscript' uses poller
    2012-06-20 14:27:19,279 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,280 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,281 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,290 fail2ban.jail   : INFO   Creating new jail 'apache-overflows'
    2012-06-20 14:27:19,291 fail2ban.jail   : INFO   Jail 'apache-overflows' uses poller
    2012-06-20 14:27:19,292 fail2ban.filter : INFO   Set maxRetry = 2
    2012-06-20 14:27:19,293 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,294 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,302 fail2ban.jail   : INFO   Creating new jail 'vsftpd'
    2012-06-20 14:27:19,302 fail2ban.jail   : INFO   Jail 'vsftpd' uses poller
    2012-06-20 14:27:19,304 fail2ban.filter : INFO   Added logfile = /var/log/vsftpd.log
    2012-06-20 14:27:19,304 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,306 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,306 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,316 fail2ban.jail   : INFO   Creating new jail 'proftpd'
    2012-06-20 14:27:19,316 fail2ban.jail   : INFO   Jail 'proftpd' uses poller
    2012-06-20 14:27:19,317 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,319 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,319 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,332 fail2ban.jail   : INFO   Creating new jail 'pure-ftpd'
    2012-06-20 14:27:19,333 fail2ban.jail   : INFO   Jail 'pure-ftpd' uses poller
    2012-06-20 14:27:19,334 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,335 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,336 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,337 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,345 fail2ban.jail   : INFO   Creating new jail 'wuftpd'
    2012-06-20 14:27:19,345 fail2ban.jail   : INFO   Jail 'wuftpd' uses poller
    2012-06-20 14:27:19,347 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,348 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,349 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,350 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,361 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-06-20 14:27:19,389 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
    2012-06-20 14:27:19,410 fail2ban.jail   : INFO   Jail 'apache' started
    2012-06-20 14:27:19,423 fail2ban.jail   : INFO   Jail 'apache-multiport' started
    2012-06-20 14:27:19,439 fail2ban.jail   : INFO   Jail 'apache-noscript' started
    2012-06-20 14:27:19,452 fail2ban.jail   : INFO   Jail 'apache-overflows' started
    2012-06-20 14:27:19,456 fail2ban.jail   : INFO   Jail 'vsftpd' started
    2012-06-20 14:27:19,465 fail2ban.jail   : INFO   Jail 'proftpd' started
    2012-06-20 14:27:19,476 fail2ban.jail   : INFO   Jail 'pure-ftpd' started
    2012-06-20 14:27:19,488 fail2ban.jail   : INFO   Jail 'wuftpd' started
    2012-06-20 14:29:21,524 fail2ban.actions: WARNING [ssh] Ban 192.168.1.128
    I should mention that I still have to set it up for CCcam.
     
    #5
  7. meister85
    Re: fail2ban + cccam

    Try it like this:

    Code:
    [DEFAULT]
    
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1/8
    bantime  = 600
    maxretry = 3
    
    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    #      This issue left ToDo, so polling is default backend for now
    backend = polling
    
    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = la mia e-mail
    #
    # ACTIONS
    #
    
    # Default banning action (e.g. iptables, iptables-new,
    # iptables-multiport, shorewall, etc) It is used to define
    # action_* variables. Can be overridden globally or per
    # section within jail.local file
    banaction = iptables-multiport
    
    # email action. Since 0.8.1 upstream fail2ban uses sendmail
    # MTA for the mailing. Change mta configuration parameter to mail
    # if you want to revert to conventional 'mail'.
    mta = sendmail
    
    # Default protocol
    protocol = tcp
    
    # Specify chain where jumps would need to be added in iptables-* actions
    chain = INPUT
    
    #
    # Action shortcuts. To be used to define action parameter
    
    # The simplest action to take: ban only
    #action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report to the destemail.
    #action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                  %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                   %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
    
    # Choose default action.  To change, just override value of 'action' with the
    # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
    # globally (section [DEFAULT]) or per specific section
    action = %(action_)s
    
     
    #6
    elcoro likes this.
  8. Nexet
    Re: fail2ban + cccam

    Hi, sorry for the delay. With the two hash signs put next to the lines, the daemon no longer starts; it gives me a series of errors. If I remove them, everything is OK, but the e-mail still doesn't arrive.
     
    #7
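
Added example, not part of the thread: how the `%(name)s` interpolation in the posted `[DEFAULT]` section decides what a jail's `action` expands to, modelled with Python 3's `configparser`. The trimmed-down config, the `root@localhost` address and the `resolve_action` helper are assumptions for illustration; `__name__` is passed in by hand because Python 3's parser does not define it.

```python
import configparser

# Constructed, trimmed-down jail.conf; option names are the ones in the thread,
# root@localhost is a placeholder address.
TEMPLATE = """
[DEFAULT]
destemail = root@localhost
banaction = iptables-multiport
mta = sendmail
{action_line}
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
action = %({chosen})s

[cccam_illegal]
enabled = true
port = 12000
filter = cccam-illegal
logpath = /var/log/syslog
"""
ACTION_ = 'action_ = %(banaction)s[name=%(__name__)s, port="%(port)s"]'


def resolve_action(chosen, comment_out_action_=False, jail="cccam_illegal"):
    """Expand the jail's 'action' the way %(name)s interpolation does."""
    line = "#" + ACTION_ if comment_out_action_ else ACTION_
    parser = configparser.ConfigParser()
    parser.read_string(TEMPLATE.format(action_line=line, chosen=chosen))
    try:
        # Python 3 does not define __name__ itself, so pass the jail name in.
        value = parser.get(jail, "action", vars={"__name__": jail})
    except configparser.InterpolationMissingOptionError as exc:
        return ["UNRESOLVED: %s" % exc.reference]
    return value.splitlines()


if __name__ == "__main__":
    print(resolve_action("action_"))        # ban only, as in the posted file
    print(resolve_action("action_mw"))      # ban plus sendmail-whois
    print(resolve_action("action_", True))  # shortcut commented out
```

With `action = %(action_)s` only the ban action is produced; the mail action appears only when `action` points at `action_mw` (or `action_mwl`), and commenting out a shortcut that `action` still references leaves the value unresolvable.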
