fail2ban + cccam problem

This thread in the forum "Zona: Linux-Server" was created by Nexet, 18 June 2012.

  1. Nexet
    Hi everyone, while browsing around I found the fail2ban software, which helps protect the server from attacks via ssh, ftp, etc. and can also be used to kick some unwanted hosts off CCcam. Could someone help me understand how to configure it? Thanks a lot.
     
    #1
  2. meister85
    Re: fail2ban + cccam

    Do it like this:

    Code:
    apt-get install fail2ban
    Code:
    nano /etc/fail2ban/jail.conf
    Here you need to insert these rules:

    Code:
    [cccam_sigfail]  
    enabled = true 
    port = 12000 
    filter = cccam-signature 
    logpath = /var/log/syslog 
    bantime = 1800 
    maxretry = 10   
    
    [cccam_badcmd]  
    enabled = true 
    port = 12000 
    filter = cccam-command 
    logpath = /var/log/syslog 
    bantime  = 1800 
    maxretry = 10   
    
    [cccam_2login]  
    enabled = true 
    port = 12000 
    filter = cccam-login 
    logpath = /var/log/syslog 
    bantime = 1800 
    maxretry = 10   
    
    [cccam_illegal]  
    enabled = true  
    port = 12000  
    filter = cccam-illegal  
    logpath = /var/log/syslog 
    bantime = 1800  
    maxretry = 10
    You have to change port 12000 if yours is a different one!!

    After doing all this you need to configure a few files!

    Code:
    nano /etc/fail2ban/filter.d/cccam-signature.conf
    Here you insert this:

    Code:
    [Definition] 
    failregex = CCcam: kick <HOST>, signature failed 
    ignoreregex =
    Code:
    nano /etc/fail2ban/filter.d/cccam-login.conf
    Code:
    [Definition] 
    failregex = CCcam: double login .*, .* \(<HOST>\) 
    ignoreregex =
    Code:
    nano /etc/fail2ban/filter.d/cccam-command.conf
    Code:
    [Definition] 
    failregex = CCcam: kick <HOST>.*, bad command 
    ignoreregex =
    Code:
    nano /etc/fail2ban/filter.d/cccam-illegal.conf
    Code:
    [Definition]  
    failregex = CCcam: illegal user .* from <HOST>  
    ignoreregex =
    That's all, now you just need to restart the daemon!

    Code:
    /etc/init.d/fail2ban restart
    To see whether someone has tried to get into the server without permission you can run this command:

    Code:
    tail -f /var/log/fail2ban.log
    The host's IP should also show up in iptables:

    Code:
    iptables -L
     
    #2
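A dry run of the four failregex patterns from post #2, as an added example that is not part of the original post: it counts matches per jail and host and reports which pairs reach maxretry = 10. The `<HOST>` expansion is a simplified IPv4-only stand-in, the log lines are constructed, and date detection and the findtime window are not modelled.

```python
import re
from collections import Counter

# failregex values copied from the filter files in post #2.
FILTERS = {
    "cccam_sigfail": r"CCcam: kick <HOST>, signature failed",
    "cccam_2login": r"CCcam: double login .*, .* \(<HOST>\)",
    "cccam_badcmd": r"CCcam: kick <HOST>.*, bad command",
    "cccam_illegal": r"CCcam: illegal user .* from <HOST>",
}
# Assumption: simplified replacement for fail2ban's <HOST> tag (IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
MAXRETRY = 10  # value used by all four jails in post #2


def compile_filters():
    """Expand <HOST> in every failregex and compile it."""
    return {jail: re.compile(rx.replace("<HOST>", HOST))
            for jail, rx in FILTERS.items()}


def count_failures(lines):
    """Return a Counter keyed by (jail, host) for every matching log line."""
    compiled = compile_filters()
    hits = Counter()
    for line in lines:
        for jail, rx in compiled.items():
            match = rx.search(line)
            if match:
                hits[(jail, match.group("host"))] += 1
    return hits


def would_ban(lines, maxretry=MAXRETRY):
    """List the (jail, host) pairs whose failure count reaches maxretry."""
    return sorted(k for k, n in count_failures(lines).items() if n >= maxretry)


# Constructed syslog lines; the CCcam wording on a real server may differ.
SAMPLE = (
    ["Jun 20 14:30:%02d srv CCcam: kick 203.0.113.7, signature failed" % i
     for i in range(10)]
    + ["Jun 20 14:31:%02d srv CCcam: illegal user bob from 198.51.100.9" % i
       for i in range(3)]
    + ["Jun 20 14:32:00 srv CCcam: double login alice, 10.0.0.5 (192.0.2.44)",
       "Jun 20 14:32:05 srv CCcam: client alice connected from 192.0.2.44"]
)

if __name__ == "__main__":
    print(would_ban(SAMPLE))
```

On the server itself, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/cccam-signature.conf` runs the real filter against the real log, which is the check to rely on before enabling a jail.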
  3. Nexet
    Perfect, thanks a lot. So basically I only need to create the filters and modify the conf; fail2ban works on CCcam by saving the IP and banning it after a certain number of attempts, nothing more, right??

    Ah, one question: why doesn't it send me the notification e-mail when someone gets banned? I have also configured the two lines like this:
    Code:
    [DEFAULT]
    
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1/8
    bantime  = 600
    maxretry = 3
    
    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    #      This issue left ToDo, so polling is default backend for now
    backend = polling
    
    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = la mia e-mail
    #
    # ACTIONS
    #
    
    # Default banning action (e.g. iptables, iptables-new,
    # iptables-multiport, shorewall, etc) It is used to define
    # action_* variables. Can be overridden globally or per
    # section within jail.local file
    banaction = iptables-multiport
    
    # email action. Since 0.8.1 upstream fail2ban uses sendmail
    # MTA for the mailing. Change mta configuration parameter to mail
    # if you want to revert to conventional 'mail'.
    mta = sendmail
    
    # Default protocol
    protocol = tcp
    
    # Specify chain where jumps would need to be added in iptables-* actions
    chain = INPUT
    
    #
    # Action shortcuts. To be used to define action parameter
    
    # The simplest action to take: ban only
    action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report to the destemail.
    action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                  %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                   %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
    
    # Choose default action.  To change, just override value of 'action' with the
    # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
    # globally (section [DEFAULT]) or per specific section
    action = %(action_)s
    
     
    Last edited by a moderator: 19 June 2012
    #3
  4. meister85
    Re: fail2ban + cccam

    Restart fail2ban and post the fail2ban.log!
     
    #4
  5. Nexet
    Re: fail2ban + cccam

    I restarted and deliberately got the logins wrong to see whether it would ban me and send the e-mail, but it only does the ban; the e-mail does not arrive.
    Code:
    2012-06-20 14:27:19,170 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-06-20 14:27:19,171 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-06-20 14:27:19,171 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-06-20 14:27:19,188 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,189 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,191 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,192 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,240 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
    2012-06-20 14:27:19,240 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses poller
    2012-06-20 14:27:19,242 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,243 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,245 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,245 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,253 fail2ban.jail   : INFO   Creating new jail 'apache'
    2012-06-20 14:27:19,253 fail2ban.jail   : INFO   Jail 'apache' uses poller
    2012-06-20 14:27:19,254 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,255 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,256 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,266 fail2ban.jail   : INFO   Creating new jail 'apache-multiport'
    2012-06-20 14:27:19,266 fail2ban.jail   : INFO   Jail 'apache-multiport' uses poller
    2012-06-20 14:27:19,268 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,269 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,270 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,277 fail2ban.jail   : INFO   Creating new jail 'apache-noscript'
    2012-06-20 14:27:19,278 fail2ban.jail   : INFO   Jail 'apache-noscript' uses poller
    2012-06-20 14:27:19,279 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,280 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,281 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,290 fail2ban.jail   : INFO   Creating new jail 'apache-overflows'
    2012-06-20 14:27:19,291 fail2ban.jail   : INFO   Jail 'apache-overflows' uses poller
    2012-06-20 14:27:19,292 fail2ban.filter : INFO   Set maxRetry = 2
    2012-06-20 14:27:19,293 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,294 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,302 fail2ban.jail   : INFO   Creating new jail 'vsftpd'
    2012-06-20 14:27:19,302 fail2ban.jail   : INFO   Jail 'vsftpd' uses poller
    2012-06-20 14:27:19,304 fail2ban.filter : INFO   Added logfile = /var/log/vsftpd.log
    2012-06-20 14:27:19,304 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,306 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,306 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,316 fail2ban.jail   : INFO   Creating new jail 'proftpd'
    2012-06-20 14:27:19,316 fail2ban.jail   : INFO   Jail 'proftpd' uses poller
    2012-06-20 14:27:19,317 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,319 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,319 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,332 fail2ban.jail   : INFO   Creating new jail 'pure-ftpd'
    2012-06-20 14:27:19,333 fail2ban.jail   : INFO   Jail 'pure-ftpd' uses poller
    2012-06-20 14:27:19,334 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,335 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,336 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,337 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,345 fail2ban.jail   : INFO   Creating new jail 'wuftpd'
    2012-06-20 14:27:19,345 fail2ban.jail   : INFO   Jail 'wuftpd' uses poller
    2012-06-20 14:27:19,347 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-06-20 14:27:19,348 fail2ban.filter : INFO   Set maxRetry = 3
    2012-06-20 14:27:19,349 fail2ban.filter : INFO   Set findtime = 600
    2012-06-20 14:27:19,350 fail2ban.actions: INFO   Set banTime = 600
    2012-06-20 14:27:19,361 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-06-20 14:27:19,389 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
    2012-06-20 14:27:19,410 fail2ban.jail   : INFO   Jail 'apache' started
    2012-06-20 14:27:19,423 fail2ban.jail   : INFO   Jail 'apache-multiport' started
    2012-06-20 14:27:19,439 fail2ban.jail   : INFO   Jail 'apache-noscript' started
    2012-06-20 14:27:19,452 fail2ban.jail   : INFO   Jail 'apache-overflows' started
    2012-06-20 14:27:19,456 fail2ban.jail   : INFO   Jail 'vsftpd' started
    2012-06-20 14:27:19,465 fail2ban.jail   : INFO   Jail 'proftpd' started
    2012-06-20 14:27:19,476 fail2ban.jail   : INFO   Jail 'pure-ftpd' started
    2012-06-20 14:27:19,488 fail2ban.jail   : INFO   Jail 'wuftpd' started
    2012-06-20 14:29:21,524 fail2ban.actions: WARNING [ssh] Ban 192.168.1.128
    I should mention that I still have to implement it for CCcam.
     
    #5
  6. meister85
    Re: fail2ban + cccam

    Try it like this:

    Code:
    [DEFAULT]
    
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1/8
    bantime  = 600
    maxretry = 3
    
    # "backend" specifies the backend used to get files modification. Available
    # options are "gamin", "polling" and "auto".
    # yoh: For some reason Debian shipped python-gamin didn't work as expected
    #      This issue left ToDo, so polling is default backend for now
    backend = polling
    
    #
    # Destination email address used solely for the interpolations in
    # jail.{conf,local} configuration files.
    destemail = la mia e-mail
    #
    # ACTIONS
    #
    
    # Default banning action (e.g. iptables, iptables-new,
    # iptables-multiport, shorewall, etc) It is used to define
    # action_* variables. Can be overridden globally or per
    # section within jail.local file
    banaction = iptables-multiport
    
    # email action. Since 0.8.1 upstream fail2ban uses sendmail
    # MTA for the mailing. Change mta configuration parameter to mail
    # if you want to revert to conventional 'mail'.
    mta = sendmail
    
    # Default protocol
    protocol = tcp
    
    # Specify chain where jumps would need to be added in iptables-* actions
    chain = INPUT
    
    #
    # Action shortcuts. To be used to define action parameter
    
    # The simplest action to take: ban only
    #action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report to the destemail.
    #action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                  %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
    
    # ban & send an e-mail with whois report and relevant log lines
    # to the destemail.
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                   %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
    
    # Choose default action.  To change, just override value of 'action' with the
    # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
    # globally (section [DEFAULT]) or per specific section
    action = %(action_)s
    
     
    #6
  7. Nexet
    Re: fail2ban + cccam

    Hi, sorry for the delay. When I put the two hash signs next to the lines, the daemon no longer starts; it gives me a series of errors. If I remove them instead, everything is OK, but the e-mail still doesn't arrive.
     
    #7
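The `%(...)s` interpolation in the jail.conf excerpts from posts #3 and #6, reproduced as an added example that is not part of any post: it resolves `action` for a jail when it points at `action_`, when it points at `action_mw` (the shortcut the config comments describe as "ban & send an e-mail"), and when both shortcuts are commented out as in post #6. Python's `configparser` stands in for fail2ban's own config reader (assumed to behave the same for this syntax); the `[ssh]` jail body, the e-mail address and the function names are constructed.

```python
import configparser

# Trimmed copy of the [DEFAULT] section posted in the thread. {c} is where
# post #6 puts the "#"; {choice} is the shortcut that "action" points at.
BASE = '''
[DEFAULT]
destemail = admin@example.invalid
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT
{c}action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
{c}action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action = %({choice})s

[ssh]
port = ssh
'''


def resolve_action(choice="action_", comment_out=False):
    """Return the actions the constructed [ssh] jail resolves to, one per item."""
    text = BASE.format(c="#" if comment_out else "", choice=choice)
    parser = configparser.ConfigParser()
    parser.read_string(text)
    # Python 3 does not set __name__ per section, so supply the jail name.
    value = parser.get("ssh", "action", vars={"__name__": "ssh"})
    return [line.strip() for line in value.splitlines() if line.strip()]


def check(choice, comment_out=False):
    """Return (config resolves, a sendmail action is present, error name)."""
    try:
        actions = resolve_action(choice, comment_out)
    except configparser.InterpolationError as exc:
        return (False, False, type(exc).__name__)
    mail = any(a.startswith("sendmail-whois") for a in actions)
    return (True, mail, None)


if __name__ == "__main__":
    print("action_              ->", check("action_"))
    print("action_mw            ->", check("action_mw"))
    print("action_, '#' added   ->", check("action_", comment_out=True))
```

In this stand-in, the variant with the two `#` signs fails because `action` still refers to `%(action_)s`, which no longer exists, and the indented `%(mta)s-whois[...]` continuation line is left attached to the preceding option.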
