Fail2ban ssh: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 22: | Zeile 22: | ||
=Status checken= | =Status checken= | ||
*'''fail2ban-client status sshd''' | *'''fail2ban-client status sshd''' | ||
| − | + | ||
| − | Status for the jail: sshd | + | Status for the jail: sshd |
| − | |- Filter | + | |- Filter |
| − | | |- Currently failed: 1 | + | | |- Currently failed: 1 |
| − | | |- Total failed: 14 | + | | |- Total failed: 14 |
| − | | `- File list: /var/log/auth.log | + | | `- File list: /var/log/auth.log |
| − | `- Actions | + | `- Actions |
| − | + | |- Currently banned: 1 | |
| − | + | |- Total banned: 1 | |
| − | + | `- Banned IP list: 10.0.1''xx''.2 | |
| − | |||
*'''iptables -nvL''' | *'''iptables -nvL''' | ||
Version vom 11. August 2023, 06:00 Uhr
Brute Force auf den SFTP Server vom DNS Server aus
Hydra installieren (Hacking & Security Seite 136)
- apt update
- apt install hydra
Passwordliste laden
Angriff starten
- hydra -l gast -s 2222 -P bad-passwords sftp.lab1xx.sec ssh
sshd in fail2ban aktivieren
- vim /etc/fail2ban/jail.local
[sshd] enable = true port = 2222
fail2ban neustarten
- systemctl restart fail2ban
Status checken
- fail2ban-client status sshd
Status for the jail: sshd |- Filter | |- Currently failed: 1 | |- Total failed: 14 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 1 |- Total banned: 1 `- Banned IP list: 10.0.1xx.2
- iptables -nvL
Alles unbannen
- fail2ban-client unban --all