Diferencias

Muestra las diferencias entre dos versiones de la página.

--- charlas_eventos:start [2010/08/23 17:49] – cayu
+++ charlas_eventos:start [2010/08/27 15:07] – cayu
@@ Línea 147: / Línea 147: @@
 Fail2ban lee los logs (por ejemplo) /var/log/pwdfail o /var/log/apache/error_log y veta todas aquellas ips que fallan un determinado número de veces. Este veto se realiza actualizando el firewall (tipicamente iptables).
+<code>
+apt-get install fail2ban
+</code>
+**/etc/fail2ban/jail.local**
+<code>
+[DEFAULT]
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host
+ignoreip = 127.0.0.1 192.168.0.99
+bantime  = 600
+maxretry = 3
+# "backend" specifies the backend used to get files modification. Available
+# options are "gamin", "polling" and "auto".
+# yoh: For some reason Debian shipped python-gamin didn't work as expected
+#      This issue left ToDo, so polling is default backend for now
+backend = polling
+#
+# Destination email address used solely for the interpolations in
+# jail.{conf,local} configuration files.
+destemail = root@localhost
+# Default action to take: ban only
+action = iptables[name=%(__name__)s, port=%(port)s]
+[ssh]
+enabled = true
+port    = ssh
+filter  = sshd
+logpath  = /var/log/auth.log
+maxretry = 5
+[apache]
+enabled = true
+port    = http
+filter  = apache-auth
+logpath = /var/log/apache*/*error.log
+maxretry = 5
+[apache-noscript]
+enabled = false
+port    = http
+filter  = apache-noscript
+logpath = /var/log/apache*/*error.log
+maxretry = 5
+[vsftpd]
+enabled  = false
+port     = ftp
+filter   = vsftpd
+logpath  = /var/log/auth.log
+maxretry = 5
+[proftpd]
+enabled  = true
+port     = ftp
+filter   = proftpd
+logpath  = /var/log/auth.log
+failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+maxretry = 5
+[wuftpd]
+enabled  = false
+port     = ftp
+filter   = wuftpd
+logpath  = /var/log/auth.log
+maxretry = 5
+[postfix]
+enabled  = false
+port     = smtp
+filter   = postfix
+logpath  = /var/log/mail.log
+maxretry = 5
+[courierpop3]
+enabled  = true
+port     = pop3
+filter   = courierlogin
+failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:<HOST>\]
+logpath  = /var/log/mail.log
+maxretry = 5
+[courierimap]
+enabled  = true
+port     = imap2
+filter   = courierlogin
+failregex = imapd: LOGIN FAILED.*ip=\[.*:<HOST>\]
+logpath  = /var/log/mail.log
+maxretry = 5
+[sasl]
+enabled  = true
+port     = smtp
+filter   = sasl
+failregex = warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
+logpath  = /var/log/mail.log
+maxretry = 5
+</code>