ByC0d3
9/12/2017 - 6:47 PM

Fail2ban e iptables en Debian

Instalar iptables y fail2ban en debian

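# Start fail2ban
service fail2ban start

# Stop fail2ban
service fail2ban stop

# Restart fail2ban (needed after editing the jail configuration)
service fail2ban restart

# Show the fail2ban service status
service fail2ban status

# List the active jails (asks the running server, so fail2ban must be started)
fail2ban-client status

# Review the fail2ban log; this is the history of what the jails did,
# not the list of jails that are currently active
cat /var/log/fail2ban.log

# Show the fail2ban version
fail2ban-server --version

# Unban an IP address in fail2ban.
# "ssh" is the jail name and must match a jail defined in the configuration;
# replace IP with the address to unban.
fail2ban-client set ssh unbanip IP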
# Fail2ban jail definitions (presumably an excerpt of /etc/fail2ban/jail.local
# -- confirm). Values written as %(name)s are interpolated by fail2ban's config
# reader; sshd_log, sshd_backend, apache_access_log and apache_error_log are not
# defined in this excerpt and must come from the stock configuration.
# Keys a jail does not set (for example bantime or findtime) fall back to the
# defaults defined elsewhere, which are not shown here.

# NOTE(review): no "enabled" key in this section, so whether this jail runs
# depends on defaults set elsewhere -- confirm. It reads the same log as [ssh]
# below; if both are active, the same SSH failures appear to be handled by two
# jails. Keep only the one that is intended.
[sshd]

port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

# SSH jail, explicitly enabled: applies the sshd filter to the SSH log and
# allows 3 failed attempts (maxretry).
# NOTE(review): a low maxretry on SSH can lock out administrators; check that
# trusted addresses are exempted (fail2ban's ignoreip setting) -- verify.
[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath = %(sshd_log)s
maxretry = 3

[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
# bantime is in seconds: 172800 = 48 hours. maxretry = 1 means a single match.
# NOTE(review): no "enabled" key in this section, so this jail may be inactive
# unless it is enabled elsewhere -- confirm.
port     = http,https
logpath  = %(apache_access_log)s
bantime  = 172800
maxretry = 1

# Apache jail, explicitly enabled: applies the apache-auth filter to the Apache
# error log and allows 6 failed attempts.
[apache]

enabled  = true
port     = http,https
filter   = apache-auth
logpath  = %(apache_error_log)s
maxretry = 6


# Explicitly enabled: applies the apache-noscript filter to the Apache error log
# and allows 6 matches.
[apache-noscript]

enabled  = true
port     = http,https
filter   = apache-noscript
logpath  = %(apache_error_log)s
maxretry = 6

# Explicitly enabled: applies the apache-overflows filter to the Apache error log
# and allows 2 matches.
[apache-overflows]

enabled  = true
port     = http,https
filter   = apache-overflows
logpath  = %(apache_error_log)s
maxretry = 2

# Explicitly enabled: applies the apache-nohome filter to the Apache error log
# and allows 2 matches.
[apache-nohome]
enabled  = true
port     = http,https
filter   = apache-nohome
logpath  = %(apache_error_log)s
maxretry = 2
# Basic fail2ban configuration
# Copy the stock jail.conf to jail.local so that local changes live in their own file.
# NOTE(review): cp overwrites an existing jail.local without asking -- check first.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Edit the local configuration file
# (fail2ban has to be restarted afterwards for the changes to take effect)

nano /etc/fail2ban/jail.local

# Time (in seconds) that an IP stays banned or blocked
# bantime = 3600

# Maximum number of failed attempts
# maxretry = 2

# Time window for counting failed attempts
# NOTE(review): fail2ban documents findtime as the period, in seconds, within
# which maxretry failures must occur to trigger a ban.
# findtime = 1000
# Install fail2ban and iptables
# iptables-persistent is the Debian package that restores saved iptables rules at boot.
# Run as root.

apt-get install fail2ban iptables-persistent