Protection against nmap using fail2ban

We need two packages: scanlogd, which detects the port scan and reports it to syslog, and fail2ban, which reads that log and bans the scanning address with iptables.

# apt-get install scanlogd

From another machine (192.168.0.2 in this example) scan the host, then check the host's syslog:

# nmap 192.168.0.1
# tail /var/log/syslog
Jan 8 11:37:05 naboo scanlogd: 192.168.0.2 to 192.168.0.1 ports 80, 53, 443, 25, 636, 22, …, f??p?uxy, TOS 00, TTL 64 @11:37:05

scanlogd has detected the scan: the line records the source address (192.168.0.2), the destination (192.168.0.1), the ports that were probed and the TCP flags it saw. The source address is the one we will hand to fail2ban.

We need fail2ban 0.8.1 or later for the iptables-allports ban action. At the time of writing the package was only in Debian testing, so install it from there (this assumes a testing entry in /etc/apt/sources.list):

# apt-get install -t testing fail2ban

Add the nmap jail to jail.conf (or, better, put the same section in jail.local, which is not overwritten when the package is upgraded):

# vi /etc/fail2ban/jail.conf
[nmap]

enabled = true
port =
banaction = iptables-allports
logpath = /var/log/syslog
maxretry = 1
filter = scanlogd

port is left empty because iptables-allports ignores it: the banned address is blocked on every port. maxretry = 1 means a single scanlogd line is enough to ban its source. Keep in mind that scanlogd reports whatever source address is in the packets, so a scan sent with a spoofed source gets that address banned instead of the attacker's; set ignoreip (in [DEFAULT] or in this jail) to the addresses you administer the machine from so that you cannot lock yourself out.
Then add the scanlogd filter:

# vi /etc/fail2ban/filter.d/scanlogd.conf

[Definition]
failregex = scanlogd: <HOST>
ignoreregex =

<HOST> is a placeholder that fail2ban expands into a regex capturing an address. The failregex is searched for anywhere in the line (fail2ban strips the timestamp first), so scanlogd: <HOST> captures the first address after "scanlogd:", which is the scanning source. Before enabling the jail you can point fail2ban-regex at /var/log/syslog and the filter file to confirm that the regex matches the scanlogd lines.

After restarting fail2ban, you can see whether it worked with the following commands:

# iptables -L -v
# fail2ban-client status nmap
# fail2ban-client status

fail2ban's own log, where every ban and unban is recorded, is:

/var/log/fail2ban.log
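To see what the jail above actually does with the log before putting it on a live box, here is an added example (not part of the original post and not fail2ban's code) that replays syslog lines through the same logic: it expands <HOST> the way fail2ban 0.8 does, applies the scanlogd failregex, and counts matches per source within findtime until maxretry is reached, skipping addresses in ignoreip. The log excerpt is constructed for the example in scanlogd's format, the year and the ignoreip list are assumptions, and findtime = 600 is fail2ban's default. It goes a little beyond the post by showing what happens when maxretry and findtime are changed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# How fail2ban 0.8 expands the <HOST> placeholder (fail2ban/server/failregex.py);
# copied here so the script runs without fail2ban installed.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The filter and jail values from the post; findtime is fail2ban's default.
FAILREGEX = r"scanlogd: <HOST>"
MAXRETRY = 1
FINDTIME = 600  # seconds
# Assumption for this example: addresses the admin must never be locked out from.
IGNOREIP = ("127.0.0.1", "192.168.0.1")

# Syslog timestamp at the start of a line, e.g. "Jan  8 11:37:05 " (no year).
SYSLOG_TS = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s")

# Constructed syslog excerpt in scanlogd's format (not real traffic): one scan from
# 192.168.0.2, a cron line that must not match, two reports about 10.0.0.7 that are
# 620 s apart, and a report whose source is an ignored address.
SAMPLE_LOG = """\
Jan  8 11:37:05 naboo scanlogd: 192.168.0.2 to 192.168.0.1 ports 80, 53, 443, 25, 636, 22, 21, f??p?uxy, TOS 00, TTL 64 @11:37:05
Jan  8 11:37:06 naboo CRON[2231]: (root) CMD (run-parts /etc/cron.hourly)
Jan  8 11:38:10 naboo scanlogd: 10.0.0.7 to 192.168.0.1 ports 21, 22, 23, 25, 80, 110, 143, ?????S??, TOS 00, TTL 53 @11:38:10
Jan  8 11:39:00 naboo scanlogd: 192.168.0.1 to 192.168.0.1 ports 1, 2, 3, 4, 5, 6, 7, ?????S??, TOS 00, TTL 64 @11:39:00
Jan  8 11:48:30 naboo scanlogd: 10.0.0.7 to 192.168.0.1 ports 443, 993, 995, 8080, 8443, 3306, 5432, ?????S??, TOS 00, TTL 53 @11:48:30
"""


def compile_failregex(failregex):
    """Expand <HOST> and compile, as fail2ban does when it loads a filter."""
    return re.compile(failregex.replace("<HOST>", HOST_RE))


def parse_syslog_time(line, year=2024):
    """Timestamp of a syslog line; the year is assumed because syslog omits it."""
    m = SYSLOG_TS.match(line)
    if m is None:
        return None
    return datetime.strptime(f"{m['mon']} {m['day']} {m['time']} {year}",
                             "%b %d %H:%M:%S %Y")


def match_host(line, pattern):
    """The <HOST> capture for a line the failregex matches, else None.
    fail2ban strips the timestamp and then uses search(), so the regex is not
    anchored; searching the whole line gives the same result for this pattern."""
    m = pattern.search(line)
    return m.group("host") if m else None


def hosts_to_ban(lines, failregex=FAILREGEX, maxretry=MAXRETRY,
                 findtime=FINDTIME, ignoreip=IGNOREIP):
    """Replay log lines through the jail logic: a host is banned once it has
    maxretry matching lines within findtime seconds, unless it is in ignoreip.
    Returns the banned hosts in the order they were banned."""
    pattern = compile_failregex(failregex)
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)  # host -> timestamps of matches still inside the window
    banned = []
    for line in lines:
        host = match_host(line, pattern)
        if host is None or host in ignoreip:
            continue
        ts = parse_syslog_time(line)
        if ts is None:
            continue
        hits = [t for t in recent[host] if ts - t <= window] + [ts]
        recent[host] = hits
        if len(hits) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("maxretry=1:", hosts_to_ban(lines))
    print("maxretry=2:", hosts_to_ban(lines, maxretry=2))
    print("maxretry=2, findtime=900:", hosts_to_ban(lines, maxretry=2, findtime=900))
```

With the post's settings both scanning sources are banned on their first report and the ignored address never is. Raising maxretry to 2 bans nobody, because the two reports about 10.0.0.7 are 620 s apart and fall outside the default 600 s findtime; widening findtime to 900 s bans it again. The example also makes the spoofing point concrete: whatever address appears after "scanlogd:" is the one that gets banned, so only ignoreip stands between a forged source and a lockout.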
