View Full Version : HELP! Fail2ban rule to automatically block what generates failban in OSCAM
Hi, does anyone know how I can add a "rule" in fail2ban (Ubuntu) based on what FAILBAN generates in oscam (/var/log/oscam/oscamuser.log)?
Thanks!
Make sure the same user isn't connecting multiple times!
Hi, I did this a while ago ...
in the file /etc/fail2ban/jail.conf you put this
[oscam-tcp]
enabled = true
filter = oscam
port = 12200
protocol = tcp
logpath = /var/log/oscam/oscamuser.log
banaction = iptables-allports
findtime = 1800
bantime = 36000
of course, change the port and logpath if they differ.
and in the folder /etc/fail2ban/filter.d create a file oscam.conf and put this in the file
# Fail2Ban configuration file
#
# Author: Bust3D
#
[Definition]
# Option: failregex
# Notes.: regex to match the oscam user failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# After modifying or adding new expressions test with command,
# fail2ban-regex /path/to/your/oscam.log /etc/fail2ban/filter.d/oscam.conf
# Values: TEXT
#
failregex = (.)*(plain|encrypted) (.)*-client <HOST> rejected \((no such user|unknown user)\)$
            (.)*(plain|encrypted) (.)*-client <HOST> rejected \(disabled account\)$
            (.)*(plain|encrypted) (.)*-client <HOST> rejected \(invalid access\)$
            (.)*duplicate user '(.)*' from <HOST> (.)*$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Here I made it recognize unknown users, blocked accounts and duplicate users.
I hope it's useful to you.
Happy holidays :P
Bos...
Hi, I did as you recommended, but it seems the IP I want to block still gets in
with fail2ban-client status oscam-tcp I have 0 blocked IPs
Status for the jail: oscam-tcp
|- filter
| |- File list: /var/log/oscam/oscamuser.log
| |- Currently failed: 0
| `- Total failed: 0
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
and iptables -S over ssh gives me these as the only lines related to oscam:
-A INPUT -p tcp -j fail2ban-oscam-tcp
-A fail2ban-oscam-tcp -j RETURN
do you have any idea what I could try? I also checked oscamuser.log and it does indeed contain logs from users
Thanks Bust3d for the help, the problem was oscam.log, not oscamuser.log
So the config looks like this now:
[oscam-tcp]
enabled = true
filter = oscam
port = 12200
protocol = tcp
logpath = /var/log/oscam/oscam.log
banaction = iptables-allports
findtime = 1800
bantime = 36000
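
The "Total failed: 0" symptom in this thread (the filter matched nothing until logpath pointed at oscam.log) can be checked offline. The following is an added example, not code from any poster: it expands <HOST> with the alias quoted in the filter comment and runs the four failregex lines over log text. The sample lines and the `failures`/`diagnose` helpers are constructed for illustration and are not real OSCam output.

```python
import re
from collections import Counter

# <HOST> alias exactly as quoted in the filter comment on this page.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The four failregex lines from the oscam.conf filter above.
FAILREGEX = [
    r"(.)*(plain|encrypted) (.)*-client <HOST> rejected \((no such user|unknown user)\)$",
    r"(.)*(plain|encrypted) (.)*-client <HOST> rejected \(disabled account\)$",
    r"(.)*(plain|encrypted) (.)*-client <HOST> rejected \(invalid access\)$",
    r"(.)*duplicate user '(.)*' from <HOST> (.)*$",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

def failures(log_text):
    """Count, per host, the lines matched by any of the failregex patterns."""
    hits = Counter()
    for line in log_text.splitlines():
        for rx in COMPILED:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # one failure per line, whichever pattern hit first
    return hits

def diagnose(logs):
    """Map each candidate log name to its total number of matched lines."""
    return {name: sum(failures(text).values()) for name, text in logs.items()}

# Constructed sample lines shaped to fit the patterns (assumed format).
MAIN_LOG = """\
2024/12/24 10:00:01 0A1B2C3D c plain cccam-client 203.0.113.7 rejected (no such user)
2024/12/24 10:00:03 0A1B2C3D c encrypted newcamd-client 203.0.113.7 rejected (disabled account)
2024/12/24 10:00:05 0A1B2C3E c duplicate user 'demo' from 198.51.100.9 (old connection dropped)
2024/12/24 10:00:07 0A1B2C3F c plain cccam-client 192.0.2.10 granted (demo)
"""
# Constructed stand-in for a per-user log that has entries but no rejections.
USER_LOG = """\
2024/12/24 10:00:07 demo 192.0.2.10 login
2024/12/24 10:05:12 demo 192.0.2.10 logout
"""

if __name__ == "__main__":
    print(diagnose({"oscam.log": MAIN_LOG, "oscamuser.log": USER_LOG}))
    print(dict(failures(MAIN_LOG)))
```

A log that reports zero here will also leave the jail at "Total failed: 0", whatever findtime and bantime are set to.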