fail2ban protects you against: double logins, bad command or signature failed, and blocks the IP the attack comes from for a period of time. fail2ban looks after the daemon.log log file and activates it.
INSTALLATION:
Open Putty, connect to the IP where you installed Debian, and run the command:
apt-get install fail2ban -y
With WinSCP or another Linux editor, open << /etc/fail2ban/jail.conf >> and at the end copy the following. After that it can be edited as each person likes:
[cccam_signaturefailed]
enabled = true
port = 12000
filter = cccam-signature
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10
[cccam_badcommand]
enabled = true
port = 12000
filter = cccam-command
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10
[cccam_doublelogin]
enabled = true
port = 12000
filter = cccam-login
logpath = /var/log/daemon.log
bantime = 1800
maxretry = 10
[cccam_illegal]
enabled = true
port = 12000
filter = cccam-illegal
logpath = /var/log/syslog
bantime = 1800
maxretry = 10
maxretry = number of attempts before the IP is banned
bantime = the ban time, in seconds!
port = your own CCcam port, of course!
Now we have to create a filter for fail2ban so that it knows what to filter:
Open: << /etc/fail2ban/filter.d/ >>
Create an Ordner, or folder as you call it, into which you insert or copy the following:
cccam-signature.conf
[Definition]
failregex = CCcam: kick <HOST>, signature failed
ignoreregex =
cccam-login.conf
[Definition]
failregex = CCcam: double login .*, .* \(<HOST>\)
ignoreregex =
cccam-command.conf
[Definition]
failregex = CCcam: kick <HOST>.*, bad command
ignoreregex =
cccam-illegal.conf
[Definition]
failregex = CCcam: illegal user .* from <HOST>
ignoreregex =
When you have finished, fail2ban must be restarted (Putty):
/etc/init.d/fail2ban restart
If you did everything correctly, you will be able to see it in:
<< /var/log/fail2ban.log >>
Good luck
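The four failregex patterns above can be checked against log lines before relying on the jails. The following is an added example, not part of the original post: it substitutes a simplified IPv4-only pattern for fail2ban's <HOST> tag (an assumption), runs the patterns over constructed sample lines, and reports which hosts would reach maxretry = 10.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the
# real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines from the post, keyed by the event each one describes.
FAILREGEX = {
    "signature failed": r"CCcam: kick <HOST>, signature failed",
    "double login": r"CCcam: double login .*, .* \(<HOST>\)",
    "bad command": r"CCcam: kick <HOST>.*, bad command",
    "illegal user": r"CCcam: illegal user .* from <HOST>",
}
COMPILED = {k: re.compile(v.replace("<HOST>", HOST)) for k, v in FAILREGEX.items()}
MAXRETRY = 10  # same threshold as the jails in the post


def classify(line):
    """Return (event, host) for the first pattern that matches, else None."""
    for event, rx in COMPILED.items():
        m = rx.search(line)
        if m:
            return event, m.group("host")
    return None


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Count failures per (event, host), one counter per jail; list hosts at maxretry."""
    # fail2ban only counts failures inside its findtime window; ignored here.
    hits = Counter(filter(None, map(classify, lines)))
    return sorted({host for (event, host), n in hits.items() if n >= maxretry})


# Constructed sample lines (not real CCcam output), shaped to fit the patterns.
SAMPLE = (
    ["Jan 12 10:00:%02d box CCcam[812]: CCcam: kick 203.0.113.5, signature failed" % i for i in range(10)]
    + ["Jan 12 10:01:%02d box CCcam[812]: CCcam: illegal user test from 198.51.100.7" % i for i in range(3)]
    + ["Jan 12 10:02:00 box CCcam[812]: CCcam: double login user1, user1 (198.51.100.9)",
       "Jan 12 10:02:05 box CCcam[812]: CCcam: kick 198.51.100.9 user1, bad command",
       "Jan 12 10:02:09 box CCcam[812]: CCcam: client user2 connected from 192.0.2.44"]
)

if __name__ == "__main__":
    for line in SAMPLE[-3:]:
        print(classify(line), "<-", line)
    print("would be banned:", hosts_to_ban(SAMPLE))
```

A line that returns None here would never count toward a ban, so a pattern that does not match your real daemon.log lines leaves that jail inactive in practice.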