Ppentest

Securing a Linux Server [Tips] Part II | Fail2ban

Fail2ban checks the logs in /var/log/auth.log or /var/log/secure to detect IP addresses that are up to no good :-p . The suspect's IP is blocked automatically by iptables if the suspect fails to log in several times within a given period 😡

Ubuntu:

sudo apt-get install fail2ban

CentOS:

sudo yum install fail2ban

Edit /etc/fail2ban/jail.conf
# the admin will be emailed when there is any suspicious activity
action = %(action_mwl)s

# Configuration for SSH. 3000 is how long (in seconds) we will block the hacker's IP.
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime = 3000

Fail2ban results
/var/log/fail2ban:
2012-11-03 11:00:46,909 fail2ban.actions: WARNING [ssh] Ban 172.140.150.6
2012-11-03 11:10:47,475 fail2ban.actions: WARNING [ssh] Unban 172.140.150.6
2012-11-04 04:00:53,286 fail2ban.actions: WARNING [ssh] Ban 64.175.229.250
2012-11-04 04:10:53,801 fail2ban.actions: WARNING [ssh] Unban 64.175.229.250

The iptables rules:

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
DROP       all  --  58.17.36.25         0.0.0.0/0           
DROP       all  --  78.111.96.38         0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

 


Hi,
The IP 56.17.36.25 has just been banned by Fail2Ban after
3 attempts against ssh.
Here are more information about 56.17.36.115:

		