From 1513d0cc9aa39d3dafb80e681fe45ab6aad590d9 Mon Sep 17 00:00:00 2001 From: Adrien Date: Tue, 27 Sep 2022 12:18:28 +0200 Subject: [PATCH] Add fail2ban anti-DoS --- 20220130140137-cyber.org | 4 +++- 20220830224237-fail2ban.org | 31 +++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 20220830224237-fail2ban.org diff --git a/20220130140137-cyber.org b/20220130140137-cyber.org index 19c719a..5948738 100644 --- a/20220130140137-cyber.org +++ b/20220130140137-cyber.org @@ -1,6 +1,6 @@ :PROPERTIES: :ID: 5943c76c-8b25-4cbd-b0b9-c819e5a490ba -:mtime: 20220927114913 +:mtime: 20220927121655 :ctime: 20220130140137 :END: #+title: cyber @@ -22,6 +22,8 @@ * Serveur ** "Tarpit" *** [[id:1ed652bc-bdcc-4410-a207-fb470df29e71][endlessh]] +** Anti-DoS +*** [[id:00b1b480-0f0c-42a3-8952-4275bc10bc00][fail2ban]] ** Tips *** [[id:9eedbc4b-a961-4057-b2d8-8f10845f0478][Vérification des cyphers suites acceptées par un serveur]] diff --git a/20220830224237-fail2ban.org b/20220830224237-fail2ban.org new file mode 100644 index 0000000..bfe83c0 --- /dev/null +++ b/20220830224237-fail2ban.org @@ -0,0 +1,31 @@ +:PROPERTIES: +:ID: 00b1b480-0f0c-42a3-8952-4275bc10bc00 +:mtime: 20220831211359 +:ctime: 20220830224237 +:END: +#+title: fail2ban + +* Introduction +Outil permettant de bloquer pendant une certaine durée toute IP depuis laquelle plusieurs tentatives de connexions ont +échoué. + +* Installation +#+BEGIN_SRC shell +apt install fail2ban +#+END_SRC + +* Configuration +#+BEGIN_SRC shell +cat >/etc/fail2ban/jail.d/sshd.local EOF<< +[sshd] +enabled = true +port = ssh +action = iptables-multiport +logpath = /var/log/secure +maxretry = 3 +bantime = 600 +EOF +#+END_SRC + +* Références + * [[https://www.redhat.com/sysadmin/protect-systems-fail2ban][Linux security: Protect your systems with fail2ban - Redhat]]
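Review bot: The `** Anti-DoS` heading added to 20220130140137-cyber.org (and the commit subject) does not match what the linked note says. Its Introduction describes blocking an IP after several failed connection attempts, which is brute-force login throttling rather than denial-of-service protection. Consider renaming the heading to reflect that, for example `** Anti-bruteforce`, so the index does not overstate what the fail2ban note covers.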
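Review bot: In the Configuration block of 20220830224237-fail2ban.org the here-document operator is reversed. `cat >/etc/fail2ban/jail.d/sshd.local EOF<<` fails with a shell syntax error and never writes the jail file; it should read `cat >/etc/fail2ban/jail.d/sshd.local <<EOF`. The same block sets `logpath = /var/log/secure`, which is the Red Hat location, while the Installation block uses `apt install fail2ban`. On Debian and Ubuntu, sshd authentication messages go to `/var/log/auth.log`, so the jail as written has no log to watch. Either drop the `logpath` line so the distribution default applies, or set it to the Debian path. It would also help to note in the text that `maxretry = 3` and `bantime = 600` mean three failures and a 600-second ban, since the Introduction only says "une certaine durée".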