21.08.2021, 12:39
Gegen Brute-Force-Angriffe mit Fail2ban auf meinem Ubuntu 20.4 OpenSim-Server
Man kann den SSH Zugang zusätzlich noch gegen Brute-Force-Angriffe absichern.
Dies sperrt die angreifende Person je nach Einstellung für einen gewissen Zeitraum oder eben komplett.
Fail2ban rennt auf meinem Server im Hintergrund als Dienst. Die Log-Dateien werden überwacht
und führen bei zu vielen Anmeldeversuchen dazu, dass nicht weiter verbunden wird.
Setup:
eisenbieger@salami:~$ sudo apt install fail2ban
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
python3-pyinotify whois
Suggested packages:
mailx monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 8 not upgraded.
Need to get 444 kB of archives.
After this operation, 2400 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 fail2ban all 0.11.1-1 [375 kB]
Get:2 http://de.archive.ubuntu.com/ubuntu focal/main amd64 python3-pyinotify all 0.9.6-1.2ubuntu1 [24.8 kB]
Get:3 http://de.archive.ubuntu.com/ubuntu focal/main amd64 whois amd64 5.5.6 [44.7 kB]
Fetched 444 kB in 1s (795 kB/s)
Selecting previously unselected package fail2ban.
(Reading database ... 71352 files and directories currently installed.)
Preparing to unpack .../fail2ban_0.11.1-1_all.deb ...
Unpacking fail2ban (0.11.1-1) ...
Selecting previously unselected package python3-pyinotify.
Preparing to unpack .../python3-pyinotify_0.9.6-1.2ubuntu1_all.deb ...
Unpacking python3-pyinotify (0.9.6-1.2ubuntu1) ...
Selecting previously unselected package whois.
Preparing to unpack .../archives/whois_5.5.6_amd64.deb ...
Unpacking whois (5.5.6) ...
Setting up whois (5.5.6) ...
Setting up fail2ban (0.11.1-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.
Setting up python3-pyinotify (0.9.6-1.2ubuntu1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.11) ...
Kopieren der jail.conf" nach jail.local:
:~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Mit Nano öffnen und konfigurieren:
:~$ sudo nano /etc/fail2ban/jail.local
Dienst neu starten:
:~$ sudo systemctl restart fail2ban.service
Autostart einbinden:
:~$ sudo systemctl enable fail2ban
Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable fail2ban
Abfragen:
:~$ fail2ban-client status
2021-08-21 09:43:27,065 fail2ban 3553]: ERROR Permission denied to socket: /var/run/fail2ban/fail2ban.sock, (you must be root)
t:~$ sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
eisenbieger@salami:~$
Man kann den SSH Zugang zusätzlich noch gegen Brute-Force-Angriffe absichern.
Dies sperrt die angreifende Person je nach Einstellung für einen gewissen Zeitraum oder eben komplett.
Fail2ban rennt auf meinem Server im Hintergrund als Dienst. Die Log-Dateien werden überwacht
und führen bei zu vielen Anmeldeversuchen dazu, dass nicht weiter verbunden wird.
Setup:
eisenbieger@salami:~$ sudo apt install fail2ban
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
python3-pyinotify whois
Suggested packages:
mailx monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 8 not upgraded.
Need to get 444 kB of archives.
After this operation, 2400 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 fail2ban all 0.11.1-1 [375 kB]
Get:2 http://de.archive.ubuntu.com/ubuntu focal/main amd64 python3-pyinotify all 0.9.6-1.2ubuntu1 [24.8 kB]
Get:3 http://de.archive.ubuntu.com/ubuntu focal/main amd64 whois amd64 5.5.6 [44.7 kB]
Fetched 444 kB in 1s (795 kB/s)
Selecting previously unselected package fail2ban.
(Reading database ... 71352 files and directories currently installed.)
Preparing to unpack .../fail2ban_0.11.1-1_all.deb ...
Unpacking fail2ban (0.11.1-1) ...
Selecting previously unselected package python3-pyinotify.
Preparing to unpack .../python3-pyinotify_0.9.6-1.2ubuntu1_all.deb ...
Unpacking python3-pyinotify (0.9.6-1.2ubuntu1) ...
Selecting previously unselected package whois.
Preparing to unpack .../archives/whois_5.5.6_amd64.deb ...
Unpacking whois (5.5.6) ...
Setting up whois (5.5.6) ...
Setting up fail2ban (0.11.1-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.
Setting up python3-pyinotify (0.9.6-1.2ubuntu1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.11) ...
Kopieren der jail.conf" nach jail.local:
:~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Mit Nano öffnen und konfigurieren:
:~$ sudo nano /etc/fail2ban/jail.local
Dienst neu starten:
:~$ sudo systemctl restart fail2ban.service
Autostart einbinden:
:~$ sudo systemctl enable fail2ban
Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable fail2ban
Abfragen:
:~$ fail2ban-client status
2021-08-21 09:43:27,065 fail2ban 3553]: ERROR Permission denied to socket: /var/run/fail2ban/fail2ban.sock, (you must be root)
t:~$ sudo fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
eisenbieger@salami:~$