Fail2ban ssh: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (30 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| − | =Hydra installieren= | + | =Hydra installieren (''Hacking & Security'' Seite 136)= |
| − | *apt install hydra | + | *'''apt update''' |
| − | = | + | *'''apt install hydra''' |
| − | *hydra -l | + | |
| + | =Passwordliste laden= | ||
| + | *wget https://xinux.de/downloads/bad-passwords | ||
| + | |||
| + | =Angriff starten= | ||
| + | *'''hydra -l gast -s 2222 -P bad-passwords sftp.lab1''xx''.sec ssh''' | ||
| + | |||
=sshd in fail2ban aktivieren= | =sshd in fail2ban aktivieren= | ||
| − | * | + | *'''vim /etc/fail2ban/jail.local''' |
| + | |||
| + | [sshd] | ||
| + | enable = true | ||
| + | port = 2222 | ||
| + | backend = systemd | ||
| + | # Alle Ports blockieren | ||
| + | # port = 0:65535 | ||
| + | |||
=fail2ban neustarten= | =fail2ban neustarten= | ||
| + | *systemctl restart fail2ban | ||
| + | =Status checken= | ||
| + | *'''fail2ban-client status sshd''' | ||
| + | |||
| + | Status for the jail: sshd | ||
| + | |- Filter | ||
| + | | |- Currently failed: 1 | ||
| + | | |- Total failed: 14 | ||
| + | | `- File list: /var/log/auth.log | ||
| + | `- Actions | ||
| + | |- Currently banned: 1 | ||
| + | |- Total banned: 1 | ||
| + | `- Banned IP list: 10.0.1''xx''.2 | ||
| + | |||
| + | *'''iptables -nvL''' | ||
| + | |||
| + | =Alles unbannen= | ||
| + | *fail2ban-client unban --all | ||
| + | |||
| + | = Version mit nftables = | ||
| + | *'''vim /etc/fail2ban/jail.conf''' | ||
| + | [DEFAULT] | ||
| + | backend = systemd | ||
| + | ... | ||
| + | banaction = nftables-multiport | ||
| + | # banaction = nftables-multiport[blocktype=drop] | ||
| + | banaction_allports = nftables-allports | ||
| + | # banaction_allports = nftables-allports[blocktype=drop] | ||
| + | ... | ||
| + | chain = input | ||
| + | ... | ||
| + | [recidive] | ||
| + | banaction = nftables-allports | ||
Aktuelle Version vom 24. Oktober 2024, 11:18 Uhr
Hydra installieren (Hacking & Security Seite 136)
- apt update
- apt install hydra
Passwordliste laden
Angriff starten
- hydra -l gast -s 2222 -P bad-passwords sftp.lab1xx.sec ssh
sshd in fail2ban aktivieren
- vim /etc/fail2ban/jail.local
[sshd] enable = true port = 2222 backend = systemd # Alle Ports blockieren # port = 0:65535
fail2ban neustarten
- systemctl restart fail2ban
Status checken
- fail2ban-client status sshd
Status for the jail: sshd |- Filter | |- Currently failed: 1 | |- Total failed: 14 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 1 |- Total banned: 1 `- Banned IP list: 10.0.1xx.2
- iptables -nvL
Alles unbannen
- fail2ban-client unban --all
Version mit nftables
- vim /etc/fail2ban/jail.conf
[DEFAULT] backend = systemd ... banaction = nftables-multiport # banaction = nftables-multiport[blocktype=drop] banaction_allports = nftables-allports # banaction_allports = nftables-allports[blocktype=drop] ... chain = input ... [recidive] banaction = nftables-allports