Fail2ban
Software for dynamically blocking IP addresses when they do something they shouldn't.
apt install fail2ban
cd /etc/fail2ban
cp jail.conf jail.local
For a web server, I set it up so that port scanning gets access to all ports blocked, except 80 and 443. For this I used a file I created, /etc/fail2ban/action
# Fail2Ban action configuration file for ufw
#
# You are required to run "ufw enable" before this will have any effect.
#
# The insert position should be appropriate to block the required traffic.
# A number after an allow rule to the application won't be of much use.

[Definition]

actionstart =

actionstop =

actioncheck =

actionban = [ -n "<application>" ] && app="app <application>"
            ufw prepend <blocktype> from <ip> $app
            ufw prepend allow proto tcp from <ip> to <destination> port 80,443 $app
            #ufw insert <insertpos> <blocktype> from <ip> to <destination> port 80 $app

actionunban = [ -n "<application>" ] && app="app <application>"
              ufw delete <blocktype> from <ip> $app
              ufw delete allow proto tcp from <ip> to <destination> port 80,443 $app
              #ufw delete <blocktype> from <ip> to <destination> port 80 $app

[Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1

# Option: blocktype
# Notes.: reject or deny
blocktype = deny

# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any

# Option: application
# Notes.: application from sudo ufw app list
application =

# DEV NOTES:
#
# Author: Guilhem Lettron
# Enhancements: Daniel Black
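The following is an added example, not part of the original page and not code from fail2ban or ufw: a small Python model of a first-match rule list that replays the actionban and actionunban commands above, to show why the deny rule has to be prepended before the allow rule. The baseline rule, the sample addresses and all function names are assumptions made for the illustration.

```python
# Added illustration: a toy first-match rule list, not ufw itself.
# Rule = (verdict, source, ports); ports=None means "any port".
WEB_PORTS = {80, 443}
ANY = "any"

def baseline():
    # Assumed pre-existing policy: SSH and web open to everyone, default deny.
    return [("allow", ANY, {22, 80, 443})]

def prepend(rules, rule):
    # Models `ufw prepend`: the new rule becomes rule number 1.
    rules.insert(0, rule)

def ban(rules, ip, deny_first=True):
    # Replays the page's actionban with <blocktype>=deny, <destination>=any
    # and an empty <application>.
    deny = ("deny", ip, None)          # ufw prepend deny from <ip>
    allow = ("allow", ip, WEB_PORTS)   # ufw prepend allow proto tcp from <ip> to any port 80,443
    for rule in ((deny, allow) if deny_first else (allow, deny)):
        prepend(rules, rule)

def unban(rules, ip):
    # Replays actionunban: both per-address rules are deleted.
    for rule in (("deny", ip, None), ("allow", ip, WEB_PORTS)):
        if rule in rules:
            rules.remove(rule)

def verdict(rules, src, port, default="deny"):
    # Rules are checked top to bottom and the first match decides.
    for action, source, ports in rules:
        if source in (ANY, src) and (ports is None or port in ports):
            return action
    return default

if __name__ == "__main__":
    scanner = "203.0.113.7"            # constructed sample address
    rules = baseline()
    ban(rules, scanner)
    for port in (22, 80, 443, 3306):
        print(port, verdict(rules, scanner, port))
```

Calling `ban(..., deny_first=False)` models the two commands in the opposite order: the deny rule then sits on top and shadows the allow for ports 80 and 443.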