
fail2ban + cccam problem


Nexet (occasional visitor; registered 25 March 2012; 58 posts; 0 reaction points; 6 points)
Hi everyone, while browsing around I found the fail2ban software, which helps protect the server from attacks via ssh, ftp, etc., and it can also be used to kick some unwanted hosts off CCcam. Could someone help me understand how to configure it? Thanks a lot.
 
Re: fail2ban + cccam

Do this:

Code:
apt-get install fail2ban

Code:
nano /etc/fail2ban/jail.conf

Here you have to insert these rules:

Code:
[cccam_sigfail]  
enabled = true 
port = 12000 
filter = cccam-signature 
logpath = /var/log/syslog 
bantime = 1800 
maxretry = 10   

[cccam_badcmd]  
enabled = true 
port = 12000 
filter = cccam-command 
logpath = /var/log/syslog 
bantime  = 1800 
maxretry = 10   

[cccam_2login]  
enabled = true 
port = 12000 
filter = cccam-login 
logpath = /var/log/syslog 
bantime = 1800 
maxretry = 10   

[cccam_illegal]  
enabled = true  
port = 12000  
filter = cccam-illegal  
logpath = /var/log/syslog 
bantime = 1800  
maxretry = 10

You must change port 12000 if yours is a different one!!

After doing all this you need to configure a few files!

Code:
nano /etc/fail2ban/filter.d/cccam-signature.conf

Put this in it:

Code:
[Definition] 
failregex = CCcam: kick <HOST>, signature failed 
ignoreregex =

Code:
nano /etc/fail2ban/filter.d/cccam-login.conf

Code:
[Definition] 
failregex = CCcam: double login .*, .* \(<HOST>\) 
ignoreregex =

Code:
nano /etc/fail2ban/filter.d/cccam-command.conf

Code:
[Definition] 
failregex = CCcam: kick <HOST>.*, bad command 
ignoreregex =

Code:
nano /etc/fail2ban/filter.d/cccam-illegal.conf

Code:
[Definition]  
failregex = CCcam: illegal user .* from <HOST>  
ignoreregex =

That's all, now you just have to restart the daemon!

Code:
/etc/init.d/fail2ban restart

To see whether someone has tried to get into the server without permission you can run this command:

Code:
tail -f /var/log/fail2ban.log

The host's IP should also show up in iptables:

Code:
iptables -L
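An added example, not from the thread: a small Python check that applies the four failregex lines above to a few constructed syslog lines, expanding `<HOST>` into the capture group fail2ban 0.8 uses, so you can see which line each filter catches and which address it would count toward a ban before reloading the daemon. The hostname, user names and addresses in the sample are made up; on a real box the equivalent check is `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/cccam-signature.conf`.

```python
import re

# fail2ban 0.8 replaces <HOST> with this named group before compiling a failregex
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The failregex lines from the four filter files posted above
FILTERS = {
    "cccam-signature": r"CCcam: kick <HOST>, signature failed",
    "cccam-login": r"CCcam: double login .*, .* \(<HOST>\)",
    "cccam-command": r"CCcam: kick <HOST>.*, bad command",
    "cccam-illegal": r"CCcam: illegal user .* from <HOST>",
}
COMPILED = {name: re.compile(rx.replace("<HOST>", HOST_RE)) for name, rx in FILTERS.items()}

# fail2ban strips the timestamp before searching; this covers the syslog prefix "Mon DD HH:MM:SS host "
SYSLOG_PREFIX = re.compile(r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ ")

# Constructed sample lines shaped to the filters (host name, users and addresses are made up)
SAMPLE_LOG = """\
Jun 20 14:27:19 srv CCcam: kick 203.0.113.7, signature failed
Jun 20 14:27:20 srv CCcam: double login user1, otherbox (198.51.100.9)
Jun 20 14:27:21 srv CCcam: kick 203.0.113.8 (user2), bad command
Jun 20 14:27:22 srv CCcam: illegal user guest from 192.0.2.33
Jun 20 14:27:23 srv CCcam: kick 203.0.113.7, signature failed
Jun 20 14:27:24 srv CCcam: client user3 (192.0.2.34) connected
"""

def match_line(line):
    """Return (filter name, host) for the first filter that matches, or None for a clean line."""
    body = SYSLOG_PREFIX.sub("", line)
    for name, rx in COMPILED.items():
        m = rx.search(body)
        if m:
            return name, m.group("host")
    return None

def count_hits(log_text):
    """Count failures per (filter, host); a jail bans once a host reaches maxretry within findtime."""
    hits = {}
    for line in log_text.splitlines():
        hit = match_line(line)
        if hit:
            hits[hit] = hits.get(hit, 0) + 1
    return hits

def would_ban(log_text, maxretry=10):
    """Hosts that reach the posted jails' maxretry (findtime is ignored in this simplified check)."""
    return sorted({host for (_, host), n in count_hits(log_text).items() if n >= maxretry})
```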
 
Perfect, thanks a lot. So in practice I only have to create the filters and edit the conf; fail2ban works on CCcam by saving the IP and banning it after so many attempts, nothing more, right??

Ah, one question: why doesn't it send me the notification e-mail when someone gets banned? I also configured the two lines like this:
Code:
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1/8
bantime  = 600
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
#      This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = la mia e-mail
#
# ACTIONS
#

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

#
# Action shortcuts. To be used to define action parameter

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
 
Last edited by a moderator:
Re: fail2ban + cccam

Restart fail2ban and post fail2ban.log!
 
Re: fail2ban + cccam

I restarted and deliberately got the logins wrong to see whether it banned me and sent the e-mail, but it only does the ban; the e-mail doesn't arrive.
Code:
2012-06-20 14:27:19,170 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2012-06-20 14:27:19,171 fail2ban.jail   : INFO   Creating new jail 'ssh'
2012-06-20 14:27:19,171 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2012-06-20 14:27:19,188 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-06-20 14:27:19,189 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,191 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,192 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,240 fail2ban.jail   : INFO   Creating new jail 'ssh-ddos'
2012-06-20 14:27:19,240 fail2ban.jail   : INFO   Jail 'ssh-ddos' uses poller
2012-06-20 14:27:19,242 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-06-20 14:27:19,243 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,245 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,245 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,253 fail2ban.jail   : INFO   Creating new jail 'apache'
2012-06-20 14:27:19,253 fail2ban.jail   : INFO   Jail 'apache' uses poller
2012-06-20 14:27:19,254 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,255 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,256 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,266 fail2ban.jail   : INFO   Creating new jail 'apache-multiport'
2012-06-20 14:27:19,266 fail2ban.jail   : INFO   Jail 'apache-multiport' uses poller
2012-06-20 14:27:19,268 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,269 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,270 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,277 fail2ban.jail   : INFO   Creating new jail 'apache-noscript'
2012-06-20 14:27:19,278 fail2ban.jail   : INFO   Jail 'apache-noscript' uses poller
2012-06-20 14:27:19,279 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,280 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,281 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,290 fail2ban.jail   : INFO   Creating new jail 'apache-overflows'
2012-06-20 14:27:19,291 fail2ban.jail   : INFO   Jail 'apache-overflows' uses poller
2012-06-20 14:27:19,292 fail2ban.filter : INFO   Set maxRetry = 2
2012-06-20 14:27:19,293 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,294 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,302 fail2ban.jail   : INFO   Creating new jail 'vsftpd'
2012-06-20 14:27:19,302 fail2ban.jail   : INFO   Jail 'vsftpd' uses poller
2012-06-20 14:27:19,304 fail2ban.filter : INFO   Added logfile = /var/log/vsftpd.log
2012-06-20 14:27:19,304 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,306 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,306 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,316 fail2ban.jail   : INFO   Creating new jail 'proftpd'
2012-06-20 14:27:19,316 fail2ban.jail   : INFO   Jail 'proftpd' uses poller
2012-06-20 14:27:19,317 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,319 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,319 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,332 fail2ban.jail   : INFO   Creating new jail 'pure-ftpd'
2012-06-20 14:27:19,333 fail2ban.jail   : INFO   Jail 'pure-ftpd' uses poller
2012-06-20 14:27:19,334 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-06-20 14:27:19,335 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,336 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,337 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,345 fail2ban.jail   : INFO   Creating new jail 'wuftpd'
2012-06-20 14:27:19,345 fail2ban.jail   : INFO   Jail 'wuftpd' uses poller
2012-06-20 14:27:19,347 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
2012-06-20 14:27:19,348 fail2ban.filter : INFO   Set maxRetry = 3
2012-06-20 14:27:19,349 fail2ban.filter : INFO   Set findtime = 600
2012-06-20 14:27:19,350 fail2ban.actions: INFO   Set banTime = 600
2012-06-20 14:27:19,361 fail2ban.jail   : INFO   Jail 'ssh' started
2012-06-20 14:27:19,389 fail2ban.jail   : INFO   Jail 'ssh-ddos' started
2012-06-20 14:27:19,410 fail2ban.jail   : INFO   Jail 'apache' started
2012-06-20 14:27:19,423 fail2ban.jail   : INFO   Jail 'apache-multiport' started
2012-06-20 14:27:19,439 fail2ban.jail   : INFO   Jail 'apache-noscript' started
2012-06-20 14:27:19,452 fail2ban.jail   : INFO   Jail 'apache-overflows' started
2012-06-20 14:27:19,456 fail2ban.jail   : INFO   Jail 'vsftpd' started
2012-06-20 14:27:19,465 fail2ban.jail   : INFO   Jail 'proftpd' started
2012-06-20 14:27:19,476 fail2ban.jail   : INFO   Jail 'pure-ftpd' started
2012-06-20 14:27:19,488 fail2ban.jail   : INFO   Jail 'wuftpd' started
2012-06-20 14:29:21,524 fail2ban.actions: WARNING [ssh] Ban 192.168.1.128

I should point out that I still have to implement it for CCcam.
 
Re: fail2ban + cccam

Try this:

Code:
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1/8
bantime  = 600
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto".
# yoh: For some reason Debian shipped python-gamin didn't work as expected
#      This issue left ToDo, so polling is default backend for now
backend = polling

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = la mia e-mail
#
# ACTIONS
#

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

#
# Action shortcuts. To be used to define action parameter

# The simplest action to take: ban only
#action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report to the destemail.
#action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s
 
Re: fail2ban + cccam

Hi, sorry for the delay. Putting the two hash signs next to those lines stops the daemon from starting; it gives me a series of errors. If I remove them everything is OK, but the e-mail still doesn't arrive.
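Why commenting out the `action_` lines produces the errors described in the last post, and what selects the mail action instead: an added Python example, not from the thread or from the fail2ban project, that expands the posted [DEFAULT] shortcuts with the same `%()s` interpolation the jail.conf syntax relies on. The `cccam_sigfail` jail values are taken from the first reply; `__name__` is set by hand because Python 2's ConfigParser, which fail2ban 0.8 ran on, supplied it automatically.

```python
import configparser

# [DEFAULT] keys from the jail.conf posted in this thread (trimmed to the ones the
# action shortcuts reference) plus one CCcam jail from the first reply
JAIL_CONF = """\
[DEFAULT]
destemail = la mia e-mail
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action = %(action_)s

[cccam_sigfail]
enabled = true
port = 12000
filter = cccam-signature
logpath = /var/log/syslog
"""

def resolve_action(conf_text, jail):
    """Expand a jail's 'action' with %()s interpolation, as fail2ban's config reader does.
    Returns ("ok", expanded) or ("missing", option) when a referenced option does not exist."""
    cp = configparser.ConfigParser(interpolation=configparser.BasicInterpolation())
    cp.read_string(conf_text)
    # Python 2's ConfigParser (used by fail2ban 0.8) filled in __name__ = section name itself
    cp.set(jail, "__name__", jail)
    try:
        return "ok", cp.get(jail, "action")
    except configparser.InterpolationMissingOptionError as e:
        return "missing", e.reference

def sends_mail(expanded):
    """True when the expanded action also invokes the sendmail-whois mail action."""
    return "sendmail-whois[" in expanded

# 1. as posted: action = %(action_)s resolves to the ban-only action, so no mail is sent
AS_POSTED = resolve_action(JAIL_CONF, "cccam_sigfail")
# 2. the suggestion in this thread: comment out action_, which leaves %(action_)s unresolvable
COMMENTED_OUT = resolve_action(JAIL_CONF.replace("\naction_ = ", "\n#action_ = "), "cccam_sigfail")
# 3. keep the shortcuts and point action at the mail-sending one instead
WITH_MAIL = resolve_action(JAIL_CONF.replace("action = %(action_)s", "action = %(action_mw)s"), "cccam_sigfail")
```

Case 2 is the interpolation failure the daemon reports at startup; case 3 is a change to `action`, not to the shortcut definitions, and leaves `action_` in place.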
 