fail2ban te apärä de : Double Logins, Bad command sau Signature failed , si blocheaza IP-ul de la care vine atacul si pentru un timp il blocheazä. fail2ban are grijä de Logfile daemon.log si il activeazä

INSTALARE :
Deschizi Putty te conectezi la ip-ul unde ai instalat Debianul si dai comanda :

apt-get install fail2ban -y

Cu WinScp deschizi sau alt program LinuxEditor ,<< /etc/fail2ban/jail.conf >>unde la sfärsit editezi , copiezi :


[cccam_signaturefailed]
enabled = true
port = 12000
filter = cccam-signature
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10

[cccam_badcommand]
enabled = true
port = 12000
filter = cccam-command
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10

[cccam_doublelogin]
enabled = true
port = 12000
filter = cccam-login
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10

[cccam_illegal]
enabled = true
port = 12000
filter = cccam-illegal
logpath = /var/log/syslog
bantime = 1800
maxretry = 10

Dupä care se poate edita dupä placul fiecäruia :

maxretry = Incercari inainte de a fi banat ip-ul
bantime = Timpul banari este in secunde !!!
port = Bineinteles si portul de Cccam al vostru !


Acum trebuie sa facem un filtru pentru fail2ban pentru a sti ce trebuie sa filtreze :

Deschizi : << /etc/fail2ban/filter.d/ >>

Creezi un Ordner sau folder cum ii ziceti , in care introduceti sau copiati Urmatoarele :

cccam-signature.conf

[Definition]
failregex = CCcam: kick <HOST>, signature failed
ignoreregex =

cccam-login.conf

[Definition]
failregex = CCcam: double login .*, .* \(<HOST>\)
ignoreregex = cccam-command.conf

[Definition]
failregex = CCcam: kick <HOST>.*, bad command
ignoreregex =

cccam-illegal.conf

[Definition]
failregex = CCcam: illegal user .* from <HOST>
ignoreregex =

Daca ai terminat trebuie restartat fail2ban ( Putty )


/etc/init.d/fail2ban restart

Daca ai facut totul corect vei putea vedea in :

<< /var/log/fail2ban.log >>

Succes

Buna.

As avea o intrebare: ce scriem in loc de HOST in cele patru configuri din folderul filter.d ?

---------- Post added at 14:06 ---------- Previous post was at 13:38 ----------

si care ar fi diferenta intre un alt tutorial gasit pe un alt forum:
If you use Ubuntu distro use: apt-get install fail2ban
Next command you need to use is (use telnet for this):
nano /etc/fail2ban/jail.confLook for these lines:# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.1.72 #here you need to put addresses that will be ignored by fail2ban - add IPs of your receivers/clients at home!
maxretry = 3… and add these lines:
[cccam-12000]
enabled = true
port = 12000 #port of your cccam server. I have 12333 for example.
filter = cccam
action = iptables[name=CCcam0, port=12000, protocol=tcp] #here you only need to change port to 12333 for example.
logpath = /tmp/warnings.txt
maxretry = 10
bantime = 6000 #this is in seconds. User will be banned 6000 seconds.Next command (use telnet):
nano /etc/fail2ban/filter.d/cccam.confAdd this into cccam.conf file:
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 510 $
#[Definition]# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?PS+)
# Values: TEXT
#
failregex = Connection from IP: Login Failed!# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =Next command is:
/etc/init.d/fail2ban restartLast command is:
chkconfig fail2ban onUsing this command, fail2ban will start automatically with system start.
Now all CCcam crash problems should be gone. If not, then you have other problems (problematic peer, bad RAM sticks, etc.) If you want to check which IPs are blocked, type this in putty using SSH or telnet:
iptables --list

Cred ca e o eroare in acest config:

[cccam_illegal]
enabled = true
port = 12000
filter = cccam-illegal
logpath = /var/log/syslog (sau daemon.log)
bantime = 1800
maxretry = 10