Fail2ban ssh: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 39: | Zeile 39: | ||
*'''vim /etc/fail2ban/jail.conf''' | *'''vim /etc/fail2ban/jail.conf''' | ||
[DEFAULT] | [DEFAULT] | ||
| − | backend = | + | backend = systemd |
| − | banaction = | + | banaction = nftables-multiport |
banaction_allports = nftables-allports | banaction_allports = nftables-allports | ||
| − | chain = | + | chain = input |
[recidive] | [recidive] | ||
banaction = nftables-allports | banaction = nftables-allports | ||
Version vom 22. Juli 2024, 11:27 Uhr
Hydra installieren (Hacking & Security Seite 136)
- apt update
- apt install hydra
Passwordliste laden
Angriff starten
- hydra -l gast -s 2222 -P bad-passwords sftp.lab1xx.sec ssh
sshd in fail2ban aktivieren
- vim /etc/fail2ban/jail.local
[sshd] enable = true port = 2222
fail2ban neustarten
- systemctl restart fail2ban
Status checken
- fail2ban-client status sshd
Status for the jail: sshd |- Filter | |- Currently failed: 1 | |- Total failed: 14 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 1 |- Total banned: 1 `- Banned IP list: 10.0.1xx.2
- iptables -nvL
Alles unbannen
- fail2ban-client unban --all
Version mit nftables
- vim /etc/fail2ban/jail.conf
[DEFAULT] backend = systemd banaction = nftables-multiport banaction_allports = nftables-allports chain = input [recidive] banaction = nftables-allports