Howto: fail2ban pentru CCcam - Instalare Debian
fail2ban te apärä de : Double Logins, Bad command sau Signature failed , si blocheaza IP-ul de la care vine atacul si pentru un timp il blocheazä. fail2ban are grijä de Logfile daemon.log si il activeazä
INSTALARE :
Deschizi Putty te conectezi la ip-ul unde ai instalat Debianul si dai comanda :
Quote:
apt-get install fail2ban -y
Cu WinScp deschizi sau alt program LinuxEditor ,<< /etc/fail2ban/jail.conf >>unde la sfärsit editezi , copiezi :
Quote:
[cccam_signaturefailed]
enabled = true
port = 12000
filter = cccam-signature
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10
[cccam_badcommand]
enabled = true
port = 12000
filter = cccam-command
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10
[cccam_doublelogin]
enabled = true
port = 12000
filter = cccam-login
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10
[cccam_illegal]
enabled = true
port = 12000
filter = cccam-illegal
logpath = /var/log/syslog
bantime = 1800
maxretry = 10
Dupä care se poate edita dupä placul fiecäruia :
maxretry = Incercari inainte de a fi banat ip-ul
bantime = Timpul banari este in secunde !!!
port = Bineinteles si portul de Cccam al vostru !
Acum trebuie sa facem un filtru pentru fail2ban pentru a sti ce trebuie sa filtreze :
Deschizi : << /etc/fail2ban/filter.d/ >>
Creezi un Ordner sau folder cum ii ziceti , in care introduceti sau copiati Urmatoarele :
cccam-signature.conf
Quote:
[Definition]
failregex = CCcam: kick <HOST>, signature failed
ignoreregex =
cccam-login.conf
Quote:
[Definition]
failregex = CCcam: double login .*, .* \(<HOST>\)
ignoreregex =
cccam-command.conf
Quote:
[Definition]
failregex = CCcam: kick <HOST>.*, bad command
ignoreregex =
cccam-illegal.conf
Quote:
[Definition]
failregex = CCcam: illegal user .* from <HOST>
ignoreregex =
Daca ai terminat trebuie restartat fail2ban ( Putty )
/etc/init.d/fail2ban restart
Daca ai facut totul corect vei putea vedea in :
<< /var/log/fail2ban.log >>
Succes
