Add fail2ban anti-DoS

2022-09-27 12:18:28 +02:00
parent df0ef69452
commit 1513d0cc9a
2 changed files with 34 additions and 1 deletions
--- a/20220130140137-cyber.org
+++ b/20220130140137-cyber.org
@@ -1,6 +1,6 @@
 :PROPERTIES:
 :ID:       5943c76c-8b25-4cbd-b0b9-c819e5a490ba
-:mtime:    20220927114913
+:mtime:    20220927121655
 :ctime:    20220130140137
 :END:
 #+title: cyber
@@ -22,6 +22,8 @@
 * Serveur
 ** "Tarpit"
 *** [[id:1ed652bc-bdcc-4410-a207-fb470df29e71][endlessh]]
+** Anti-DoS
+*** [[id:00b1b480-0f0c-42a3-8952-4275bc10bc00][fail2ban]]
 ** Tips
 *** [[id:9eedbc4b-a961-4057-b2d8-8f10845f0478][Vérification des cyphers suites acceptées par un serveur]]

--- a/20220830224237-fail2ban.org
+++ b/20220830224237-fail2ban.org
@@ -0,0 +1,31 @@
+:PROPERTIES:
+:ID:       00b1b480-0f0c-42a3-8952-4275bc10bc00
+:mtime:    20220831211359
+:ctime:    20220830224237
+:END:
+#+title: fail2ban
+
+* Introduction
+Outil permettant de bloquer pendant une certaine durée toute IP depuis laquelle plusieurs tentatives de connexions ont
+échoué.
+
+* Installation
+#+BEGIN_SRC shell
+apt install fail2ban 
+#+END_SRC
+
+* Configuration
+#+BEGIN_SRC shell
+cat >/etc/fail2ban/jail.d/sshd.local EOF<<
+[sshd]
+enabled = true
+port = ssh
+action = iptables-multiport
+logpath = /var/log/secure
+maxretry = 3
+bantime = 600
+EOF
+#+END_SRC
+
+* Références
+ * [[https://www.redhat.com/sysadmin/protect-systems-fail2ban][Linux security: Protect your systems with fail2ban - Redhat]]