fail2ban
fail2ban examines log files (for example /var/log/httpd/error.log) and blocks those IP addresses whose requests produce log entries containing certain keywords. To block an IP address, fail2ban uses the packet filter iptables and adds entries to the iptables rule set for a defined period of time. fail2ban can also trigger actions such as an e-mail notification at the same time.
Prerequisites
The following minimum requirements should be met in order to install and run fail2ban successfully:
- python - programming language, preferably version 2.5 or later
- iptables - standard packet filter software on Linux
For the installation, an rpm package from a third-party repository - here EPEL - is used.
Preparations
In preparation for the installation, the following must be set up:
- the rpm package jwhois
- the third-party repository, here EPEL
Installing jwhois
The rpm package jwhois can be installed via the package manager yum with the following command:
CentOS 6:
# yum install jwhois
Loaded plugins: priorities, refresh-packagekit, security
1259 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package jwhois.x86_64 0:4.0-19.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package          Arch             Version               Repository       Size
================================================================================
Installing:
 jwhois           x86_64           4.0-19.el6            base            104 k
Transaction Summary
================================================================================
Install       1 Package(s)
Total download size: 104 k
Installed size: 294 k
Is this ok [y/N]: y
Downloading Packages:
jwhois-4.0-19.el6.x86_64.rpm                             | 104 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : jwhois-4.0-19.el6.x86_64                                     1/1
  Verifying  : jwhois-4.0-19.el6.x86_64                                     1/1
Installed:
  jwhois.x86_64 0:4.0-19.el6
Complete!
CentOS 7:
# yum install jwhois
Loaded plugins: changelog, priorities
125 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package jwhois.x86_64 0:4.0-45.el7 will be installed
--> Processing Dependency: libidn2.so.0(IDN2_0.0.0)(64bit) for package: jwhois-4.0-45.el7.x86_64
--> Processing Dependency: libidn2.so.0()(64bit) for package: jwhois-4.0-45.el7.x86_64
--> Running transaction check
---> Package libidn2.x86_64 0:0.10-2.el7 will be installed
--> Finished Dependency Resolution
Changes in packages about to be updated:
Dependencies Resolved
================================================================================
 Package          Arch             Version               Repository       Size
================================================================================
Installing:
 jwhois           x86_64           4.0-45.el7            epel            116 k
Installing for dependencies:
 libidn2          x86_64           0.10-2.el7            epel             96 k
Transaction Summary
================================================================================
Install  1 Package (+1 Dependent package)
Total download size: 212 k
Installed size: 633 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): jwhois-4.0-45.el7.x86_64.rpm                        | 116 kB   00:00
(2/2): libidn2-0.10-2.el7.x86_64.rpm                       |  96 kB   00:00
--------------------------------------------------------------------------------
Total                                              1.0 MB/s | 212 kB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libidn2-0.10-2.el7.x86_64                                    1/2
  Installing : jwhois-4.0-45.el7.x86_64                                     2/2
  Verifying  : libidn2-0.10-2.el7.x86_64                                    1/2
  Verifying  : jwhois-4.0-45.el7.x86_64                                     2/2
Installed:
  jwhois.x86_64 0:4.0-45.el7
Dependency Installed:
  libidn2.x86_64 0:0.10-2.el7
Complete!
The contents of the package jwhois.x86_64 can be displayed with the following command:
CentOS 6:
# rpm -qil jwhois
Name        : jwhois                       Relocations: (not relocatable)
Version     : 4.0                               Vendor: CentOS
Release     : 19.el6                        Build Date: Fri 23 Sep 2011 01:19:46 PM CEST
Install Date: Thu 29 Nov 2012 04:14:14 PM CET      Build Host: c6b18n1.dev.centos.org
Group       : Applications/Internet         Source RPM: jwhois-4.0-19.el6.src.rpm
Size        : 300880                           License: GPLv3
Signature   : RSA/SHA1, Mon 26 Sep 2011 06:19:44 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.gnu.org/software/jwhois/
Summary     : Internet whois/nicname client
Description :
A whois client that accepts both traditional and finger-style queries.
/etc/jwhois.conf
/usr/bin/jwhois
/usr/bin/whois
/usr/share/doc/jwhois-4.0
/usr/share/doc/jwhois-4.0/AUTHORS
/usr/share/doc/jwhois-4.0/COPYING
/usr/share/doc/jwhois-4.0/ChangeLog
/usr/share/doc/jwhois-4.0/NEWS
/usr/share/doc/jwhois-4.0/README
/usr/share/doc/jwhois-4.0/TODO
/usr/share/info/jwhois.info.gz
/usr/share/locale/es/LC_MESSAGES/jwhois.mo
/usr/share/locale/fr/LC_MESSAGES/jwhois.mo
/usr/share/locale/hu/LC_MESSAGES/jwhois.mo
/usr/share/locale/id/LC_MESSAGES/jwhois.mo
/usr/share/locale/it/LC_MESSAGES/jwhois.mo
/usr/share/locale/nl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pt_BR/LC_MESSAGES/jwhois.mo
/usr/share/locale/ro/LC_MESSAGES/jwhois.mo
/usr/share/locale/ru/LC_MESSAGES/jwhois.mo
/usr/share/locale/rw/LC_MESSAGES/jwhois.mo
/usr/share/locale/sv/LC_MESSAGES/jwhois.mo
/usr/share/locale/tr/LC_MESSAGES/jwhois.mo
/usr/share/locale/vi/LC_MESSAGES/jwhois.mo
/usr/share/locale/zh_TW/LC_MESSAGES/jwhois.mo
/usr/share/man/man1/jwhois.1.gz
/usr/share/man/man1/whois.1.gz
/usr/share/man/sv/man1/jwhois.1.gz
CentOS 7:
# rpm -qil jwhois
Name        : jwhois
Version     : 4.0
Release     : 45.el7
Architecture: x86_64
Install Date: Mon 12 Sep 2016 01:19:47 PM CEST
Group       : Applications/Internet
Size        : 343812
License     : GPLv3
Signature   : RSA/SHA256, Mon 08 Aug 2016 06:27:27 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : jwhois-4.0-45.el7.src.rpm
Build Date  : Mon 08 Aug 2016 01:18:56 PM CEST
Build Host  : buildvm-26.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.gnu.org/software/jwhois/
Summary     : Internet whois/nicname client
Description :
A whois client that accepts both traditional and finger-style queries.
/etc/jwhois.conf
/usr/bin/jwhois
/usr/bin/whois
/usr/share/doc/jwhois-4.0
/usr/share/doc/jwhois-4.0/AUTHORS
/usr/share/doc/jwhois-4.0/COPYING
/usr/share/doc/jwhois-4.0/ChangeLog
/usr/share/doc/jwhois-4.0/NEWS
/usr/share/doc/jwhois-4.0/README
/usr/share/doc/jwhois-4.0/TODO
/usr/share/info/jwhois.info.gz
/usr/share/locale/es/LC_MESSAGES/jwhois.mo
/usr/share/locale/fr/LC_MESSAGES/jwhois.mo
/usr/share/locale/hu/LC_MESSAGES/jwhois.mo
/usr/share/locale/id/LC_MESSAGES/jwhois.mo
/usr/share/locale/it/LC_MESSAGES/jwhois.mo
/usr/share/locale/nl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pl/LC_MESSAGES/jwhois.mo
/usr/share/locale/pt_BR/LC_MESSAGES/jwhois.mo
/usr/share/locale/ro/LC_MESSAGES/jwhois.mo
/usr/share/locale/ru/LC_MESSAGES/jwhois.mo
/usr/share/locale/rw/LC_MESSAGES/jwhois.mo
/usr/share/locale/sv/LC_MESSAGES/jwhois.mo
/usr/share/locale/tr/LC_MESSAGES/jwhois.mo
/usr/share/locale/vi/LC_MESSAGES/jwhois.mo
/usr/share/locale/zh_TW/LC_MESSAGES/jwhois.mo
/usr/share/man/man1/jwhois.1.gz
/usr/share/man/man1/whois.1.gz
/usr/share/man/man1/whois.jwhois.1.gz
/usr/share/man/sv/man1/jwhois.1.gz
Adding the EPEL repository
Before external repositories are added, it should be ensured that no packages from external repositories override those of the actual CentOS repositories.
This can be achieved by installing the so-called Priorities plugin for the package manager yum.
The Priorities plugin for the package manager yum is installed with the following command:
# yum install yum-plugin-priorities
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package                    Arch        Version              Repository   Size
================================================================================
Installing:
 yum-plugin-priorities      noarch      1.1.30-14.el6        base         22 k
Transaction Summary
================================================================================
Install       1 Package(s)
Total download size: 22 k
Installed size: 28 k
Is this ok [y/N]: y
Downloading Packages:
yum-plugin-priorities-1.1.30-14.el6.noarch.rpm           |  22 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-priorities-1.1.30-14.el6.noarch                   1/1
  Verifying  : yum-plugin-priorities-1.1.30-14.el6.noarch                   1/1
Installed:
  yum-plugin-priorities.noarch 0:1.1.30-14.el6
Complete!
The contents of the package yum-plugin-priorities can be displayed with the following command:
# rpm -qil yum-plugin-priorities
Name        : yum-plugin-priorities        Relocations: (not relocatable)
Version     : 1.1.30                            Vendor: CentOS
Release     : 14.el6                        Build Date: Fri 22 Jun 2012 02:23:05 PM CEST
Install Date: Fri 07 Sep 2012 11:28:52 AM CEST      Build Host: c6b8.bsys.dev.centos.org
Group       : System Environment/Base       Source RPM: yum-utils-1.1.30-14.el6.src.rpm
Size        : 28555                            License: GPLv2+
Signature   : RSA/SHA1, Mon 25 Jun 2012 12:20:22 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://yum.baseurl.org/download/yum-utils/
Summary     : plugin to give priorities to packages from different repos
Description :
This plugin allows repositories to have different priorities.
Packages in a repository with a lower priority can't be overridden by packages
from a repository with a higher priority even if repo has a later version.
/etc/yum/pluginconf.d/priorities.conf
/usr/lib/yum-plugins/priorities.py
/usr/lib/yum-plugins/priorities.pyc
/usr/lib/yum-plugins/priorities.pyo
/usr/share/doc/yum-plugin-priorities-1.1.30
/usr/share/doc/yum-plugin-priorities-1.1.30/COPYING
The decisive step now is to assign a priority to the repository configuration files in the directory /etc/yum.repos.d/ by adding the following line (relevant excerpt only):
...
priority=1
...
In the example of the configuration file /etc/yum.repos.d/CentOS-Base.repo this could then look as follows (only an illustrative relevant excerpt):
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=1
...
NOTE - The CentOS project's own repositories should be given a higher priority by assigning a smaller number!
To use EPEL on the servers/nodes, the following file must be downloaded, which can be done with the following command:
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
--2012-09-07 13:06:13--  http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.23, 209.132.181.24, 209.132.181.25, ...
Connecting to dl.fedoraproject.org|209.132.181.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14496 (14K) [application/x-rpm]
Saving to: “epel-release-6-7.noarch.rpm”
100%[======================================>] 14,496      72.2K/s   in 0.2s
2012-09-07 13:06:14 (72.2 KB/s) - “epel-release-6-7.noarch.rpm” saved [14496/14496]
Next, to check the authenticity of the rpm package epel-release-6-7.noarch.rpm that was just downloaded, the key with which the package was signed should be imported into the RPM package management:
# rpm --import https://fedoraproject.org/static/0608B895.txt
The downloaded package can then be checked for authenticity with the following command:
# rpm -K epel-release-6-7.noarch.rpm
epel-release-6-7.noarch.rpm: rsa sha1 (md5) pgp md5 OK
Finally, the package can be installed with the following command:
# yum localinstall epel-release-6-7.noarch.rpm
Loaded plugins: fastestmirror, priorities
Setting up Local Package Process
Examining epel-release-6-7.noarch.rpm: epel-release-6-7.noarch
Marking epel-release-6-7.noarch.rpm to be installed
Loading mirror speeds from cached hostfile
base                                                     | 3.7 kB     00:00
extras                                                   | 3.0 kB     00:00
updates                                                  | 3.5 kB     00:00
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package          Arch       Version    Repository                        Size
================================================================================
Installing:
 epel-release     noarch     6-7        /epel-release-6-7.noarch          22 k
Transaction Summary
================================================================================
Install       1 Package(s)
Total size: 22 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-7.noarch                                      1/1
  Verifying  : epel-release-6-7.noarch                                      1/1
Installed:
  epel-release.noarch 0:6-7
Complete!
The contents of the package epel-release-6-7.noarch can be displayed with the following command:
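The `rpm -K` check above reports `OK` for an unsigned package as well, because the digests alone match. The following added example (not part of the original page) classifies legacy `rpm -K` output lines so that only a verified signature counts. It assumes the old output format shown on this page; the second and third sample lines are constructed.

```python
import re

# Lower-case tokens that legacy rpm prints when a *signature* (not just a
# digest) was verified against an imported key.
SIGNATURE_TOKENS = {"rsa", "dsa", "pgp", "gpg"}

# Sample `rpm -K` output. The first line is the one shown on this page,
# the other two are constructed for illustration.
SAMPLE_OUTPUT = """\
epel-release-6-7.noarch.rpm: rsa sha1 (md5) pgp md5 OK
unsigned-example.rpm: sha1 md5 OK
epel-release-6-7.noarch.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#0608b895)
"""

LINE_RE = re.compile(r"^(?P<pkg>.+?):\s+(?P<checks>.*?)\s*(?P<verdict>NOT OK|OK)\b")


def classify_checksig(line):
    """Classify one line of legacy `rpm -K` output.

    Returns "signed-ok"   - a signature was checked and verified,
            "digest-only" - rpm said OK, but only digests were checked,
            "failed"      - rpm said NOT OK (bad signature or missing key).
    """
    match = LINE_RE.match(line.strip())
    if match is None:
        raise ValueError("not an rpm -K result line: %r" % line)
    if match.group("verdict") != "OK":
        return "failed"
    tokens = re.findall(r"[A-Za-z0-9]+", match.group("checks"))
    if any(token in SIGNATURE_TOKENS for token in tokens):
        return "signed-ok"
    return "digest-only"


def safe_to_install(output):
    """True only if every package in the output has a verified signature."""
    lines = [l for l in output.splitlines() if l.strip()]
    return bool(lines) and all(classify_checksig(l) == "signed-ok" for l in lines)


if __name__ == "__main__":
    for line in SAMPLE_OUTPUT.splitlines():
        print("%-12s %s" % (classify_checksig(line), line))
```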
# rpm -qil epel-release
Name        : epel-release                 Relocations: (not relocatable)
Version     : 6                                 Vendor: Fedora Project
Release     : 7                             Build Date: Wed 09 May 2012 05:58:17 PM CEST
Install Date: Fri 07 Sep 2012 11:41:46 AM CEST      Build Host: x86-03.phx2.fedoraproject.org
Group       : System Environment/Base       Source RPM: epel-release-6-7.src.rpm
Size        : 22169                            License: GPLv2
Signature   : RSA/8, Thu 10 May 2012 05:00:09 PM CEST, Key ID 3b49df2a0608b895
Packager    : Fedora Project
URL         : http://download.fedora.redhat.com/pub/epel
Summary     : Extra Packages for Enterprise Linux repository configuration
Description :
This package contains the Extra Packages for Enterprise Linux (EPEL) repository
GPG key as well as configuration for yum and up2date.
/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
/etc/rpm/macros.ghc-srpm
/etc/yum.repos.d/epel-testing.repo
/etc/yum.repos.d/epel.repo
/usr/share/doc/epel-release-6
/usr/share/doc/epel-release-6/GPL
NOTE - Finally, the EPEL repository should be given a lower priority than the CentOS project's own repositories by assigning a larger number!
In the example of the configuration file /etc/yum.repos.d/epel.repo this could then look as follows (only an illustrative relevant excerpt):
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=10
...
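The two notes on repository priorities can be checked mechanically. The following added example (not part of the original page) parses .repo files and reports every enabled repository that either has signature checking disabled or does not rank strictly below the CentOS repositories. The sample files are constructed: [base] and [epel] follow the excerpts above, [thirdparty] and its URL are hypothetical, and a missing gpgcheck= line is assumed to inherit gpgcheck=1 from /etc/yum.conf.

```python
import configparser

DEFAULT_PRIORITY = 99  # yum-plugin-priorities default when priority= is absent

# Constructed sample files. [base] and [epel] follow the page's excerpts,
# [thirdparty] and its URL are hypothetical.
SAMPLE_REPOS = {
    "CentOS-Base.repo": """\
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
priority=1
""",
    "epel.repo": """\
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=10
""",
    "thirdparty.repo": """\
[thirdparty]
name=Hypothetical repo without signature checking
baseurl=http://repo.example.invalid/el6/$basearch
enabled=1
gpgcheck=0
""",
}


def parse_repos(files, main_gpgcheck=True):
    """Parse {filename: text} into {repo_id: settings}.

    main_gpgcheck is the value a repo inherits from [main] in /etc/yum.conf
    when its section has no gpgcheck= line (assumed True here).
    """
    repos = {}
    for fname, text in files.items():
        # interpolation=None: URLs and $variables must be taken literally.
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read_string(text, source=fname)
        for repo_id in cp.sections():
            sec = cp[repo_id]
            repos[repo_id] = {
                "file": fname,
                "enabled": sec.getboolean("enabled", fallback=True),
                "gpgcheck": sec.getboolean("gpgcheck", fallback=main_gpgcheck),
                "priority": sec.getint("priority", fallback=DEFAULT_PRIORITY),
            }
    return repos


def audit(repos, distro_repos=("base", "updates", "extras")):
    """Return sorted (repo_id, problem) tuples for all enabled repositories."""
    enabled = {rid: r for rid, r in repos.items() if r["enabled"]}
    distro_prios = [r["priority"] for rid, r in enabled.items()
                    if rid in distro_repos]
    # The largest number is the weakest protection among the distro repos.
    weakest = max(distro_prios) if distro_prios else None
    findings = []
    for rid, r in sorted(enabled.items()):
        if not r["gpgcheck"]:
            findings.append((rid, "gpgcheck disabled"))
        # Equal numbers give no protection, so third-party repos must be
        # strictly larger than every distribution repo.
        if rid not in distro_repos and weakest is not None \
                and r["priority"] <= weakest:
            findings.append((rid, "priority %d does not rank below "
                                  "distribution repos (%d)"
                                  % (r["priority"], weakest)))
    return findings


if __name__ == "__main__":
    for rid, problem in audit(parse_repos(SAMPLE_REPOS)):
        print("%s: %s" % (rid, problem))
```

On a real system the dictionary would be filled from the files in /etc/yum.repos.d/ instead of the constructed samples.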
Installation
fail2ban can be installed via the package manager yum with the following command:
CentOS 6:
# yum install fail2ban
Loaded plugins: priorities, refresh-packagekit, security
1259 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.8.4-28.el6 will be installed
--> Processing Dependency: shorewall for package: fail2ban-0.8.4-28.el6.noarch
--> Processing Dependency: python-inotify for package: fail2ban-0.8.4-28.el6.noarch
--> Processing Dependency: gamin-python for package: fail2ban-0.8.4-28.el6.noarch
--> Running transaction check
---> Package gamin-python.x86_64 0:0.1.10-9.el6 will be installed
---> Package python-inotify.noarch 0:0.9.1-1.el6 will be installed
---> Package shorewall.noarch 0:4.5.4-1.el6 will be installed
--> Processing Dependency: shorewall-core = 4.5.4-1.el6 for package: shorewall-4.5.4-1.el6.noarch
--> Processing Dependency: perl(Digest::SHA) for package: shorewall-4.5.4-1.el6.noarch
--> Running transaction check
---> Package perl-Digest-SHA.x86_64 1:5.47-127.el6 will be installed
---> Package shorewall-core.noarch 0:4.5.4-1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package              Arch         Version                Repository      Size
================================================================================
Installing:
 fail2ban             noarch       0.8.4-28.el6           epel           128 k
Installing for dependencies:
 gamin-python         x86_64       0.1.10-9.el6           base            33 k
 perl-Digest-SHA      x86_64       1:5.47-127.el6         base            62 k
 python-inotify       noarch       0.9.1-1.el6            epel            50 k
 shorewall            noarch       4.5.4-1.el6            epel           517 k
 shorewall-core       noarch       4.5.4-1.el6            epel            64 k
Transaction Summary
================================================================================
Install       6 Package(s)
Total download size: 854 k
Installed size: 3.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): fail2ban-0.8.4-28.el6.noarch.rpm                  | 128 kB     00:00
(2/6): gamin-python-0.1.10-9.el6.x86_64.rpm              |  33 kB     00:00
(3/6): perl-Digest-SHA-5.47-127.el6.x86_64.rpm           |  62 kB     00:00
(4/6): python-inotify-0.9.1-1.el6.noarch.rpm             |  50 kB     00:00
(5/6): shorewall-4.5.4-1.el6.noarch.rpm                  | 517 kB     00:00
(6/6): shorewall-core-4.5.4-1.el6.noarch.rpm             |  64 kB     00:00
--------------------------------------------------------------------------------
Total                                           2.8 MB/s | 854 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 1:perl-Digest-SHA-5.47-127.el6.x86_64                        1/6
  Installing : gamin-python-0.1.10-9.el6.x86_64                             2/6
  Installing : python-inotify-0.9.1-1.el6.noarch                            3/6
  Installing : shorewall-core-4.5.4-1.el6.noarch                            4/6
  Installing : shorewall-4.5.4-1.el6.noarch                                 5/6
  Installing : fail2ban-0.8.4-28.el6.noarch                                 6/6
  Verifying  : shorewall-core-4.5.4-1.el6.noarch                            1/6
  Verifying  : python-inotify-0.9.1-1.el6.noarch                            2/6
  Verifying  : fail2ban-0.8.4-28.el6.noarch                                 3/6
  Verifying  : shorewall-4.5.4-1.el6.noarch                                 4/6
  Verifying  : gamin-python-0.1.10-9.el6.x86_64                             5/6
  Verifying  : 1:perl-Digest-SHA-5.47-127.el6.x86_64                        6/6
Installed:
  fail2ban.noarch 0:0.8.4-28.el6
Dependency Installed:
  gamin-python.x86_64 0:0.1.10-9.el6
  perl-Digest-SHA.x86_64 1:5.47-127.el6
  python-inotify.noarch 0:0.9.1-1.el6
  shorewall.noarch 0:4.5.4-1.el6
  shorewall-core.noarch 0:4.5.4-1.el6
Complete!
CentOS 7:
NOTE - On CentOS 7, too, iptables is to be used and not firewalld!
# yum install fail2ban-server fail2ban-systemd fail2ban-mail
Loaded plugins: changelog, priorities
125 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package fail2ban-mail.noarch 0:0.9.3-1.el7 will be installed
--> Processing Dependency: mailx for package: fail2ban-mail-0.9.3-1.el7.noarch
---> Package fail2ban-server.noarch 0:0.9.3-1.el7 will be installed
--> Processing Dependency: systemd-python for package: fail2ban-server-0.9.3-1.el7.noarch
--> Processing Dependency: ipset for package: fail2ban-server-0.9.3-1.el7.noarch
---> Package fail2ban-systemd.noarch 0:0.9.3-1.el7 will be installed
--> Running transaction check
---> Package ipset.x86_64 0:6.19-4.el7 will be installed
--> Processing Dependency: ipset-libs = 6.19-4.el7 for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3(LIBIPSET_3.0)(64bit) for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3(LIBIPSET_2.0)(64bit) for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3(LIBIPSET_1.0)(64bit) for package: ipset-6.19-4.el7.x86_64
--> Processing Dependency: libipset.so.3()(64bit) for package: ipset-6.19-4.el7.x86_64
---> Package mailx.x86_64 0:12.5-12.el7_0 will be installed
---> Package systemd-python.x86_64 0:219-19.el7_2.12 will be installed
--> Running transaction check
---> Package ipset-libs.x86_64 0:6.19-4.el7 will be installed
--> Finished Dependency Resolution
Changes in packages about to be updated:
Dependencies Resolved
================================================================================
 Package               Arch        Version                Repository      Size
================================================================================
Installing:
 fail2ban-mail         noarch      0.9.3-1.el7            epel            13 k
 fail2ban-server       noarch      0.9.3-1.el7            epel           395 k
 fail2ban-systemd      noarch      0.9.3-1.el7            epel           9.9 k
Installing for dependencies:
 ipset                 x86_64      6.19-4.el7             base            36 k
 ipset-libs            x86_64      6.19-4.el7             base            46 k
 mailx                 x86_64      12.5-12.el7_0          base           244 k
 systemd-python        x86_64      219-19.el7_2.12        updates         99 k
Transaction Summary
================================================================================
Install  3 Packages (+4 Dependent packages)
Total download size: 843 k
Installed size: 2.2 M
Is this ok [y/d/N]: y
Downloading packages:
(1/7): fail2ban-mail-0.9.3-1.el7.noarch.rpm                |  13 kB   00:00
(2/7): fail2ban-server-0.9.3-1.el7.noarch.rpm              | 395 kB   00:00
(3/7): fail2ban-systemd-0.9.3-1.el7.noarch.rpm             | 9.9 kB   00:00
(4/7): ipset-6.19-4.el7.x86_64.rpm                         |  36 kB   00:00
(5/7): ipset-libs-6.19-4.el7.x86_64.rpm                    |  46 kB   00:00
(6/7): mailx-12.5-12.el7_0.x86_64.rpm                      | 244 kB   00:00
(7/7): systemd-python-219-19.el7_2.12.x86_64.rpm           |  99 kB   00:00
--------------------------------------------------------------------------------
Total                                              1.1 MB/s | 843 kB  00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : systemd-python-219-19.el7_2.12.x86_64                        1/7
  Installing : mailx-12.5-12.el7_0.x86_64                                   2/7
  Installing : ipset-libs-6.19-4.el7.x86_64                                 3/7
  Installing : ipset-6.19-4.el7.x86_64                                      4/7
  Installing : fail2ban-server-0.9.3-1.el7.noarch                           5/7
  Installing : fail2ban-mail-0.9.3-1.el7.noarch                             6/7
  Installing : fail2ban-systemd-0.9.3-1.el7.noarch                          7/7
  Verifying  : ipset-libs-6.19-4.el7.x86_64                                 1/7
  Verifying  : ipset-6.19-4.el7.x86_64                                      2/7
  Verifying  : fail2ban-server-0.9.3-1.el7.noarch                           3/7
  Verifying  : fail2ban-mail-0.9.3-1.el7.noarch                             4/7
  Verifying  : fail2ban-systemd-0.9.3-1.el7.noarch                          5/7
  Verifying  : mailx-12.5-12.el7_0.x86_64                                   6/7
  Verifying  : systemd-python-219-19.el7_2.12.x86_64                        7/7
Installed:
  fail2ban-mail.noarch 0:0.9.3-1.el7
  fail2ban-server.noarch 0:0.9.3-1.el7
  fail2ban-systemd.noarch 0:0.9.3-1.el7
Dependency Installed:
  ipset.x86_64 0:6.19-4.el7
  ipset-libs.x86_64 0:6.19-4.el7
  mailx.x86_64 0:12.5-12.el7_0
  systemd-python.x86_64 0:219-19.el7_2.12
Complete!
The contents of the package fail2ban.noarch can be displayed with the following command:
CentOS 6:
# rpm -qil fail2ban
The contents of the packages fail2ban-server.noarch, fail2ban-systemd.noarch and fail2ban-mail.noarch can be displayed with the following command:
CentOS 7:
# rpm -qil fail2ban-server fail2ban-systemd fail2ban-mail
Components
The following briefly explains the components of fail2ban, how they work and what role they play.
Definitions
Before the brief overview of fail2ban begins, the following terms are explained for better understanding:
Term | Explanation |
---|---|
filter | A filter defines a regular expression that can recognize a pattern within a log file. |
action | An action defines one or more actions that are executed when a particular event occurs. |
jail | A jail is a combination of one filter and one or more actions. fail2ban can handle several jails at the same time! |
client | Refers to the script fail2ban-client. |
server | Refers to the script fail2ban-server. |
Server
fail2ban consists of two parts, a client and a server. The server can consist of one or more processes and listens on a unix socket for incoming commands. The server itself knows no configuration describing which log files are monitored. When the server starts, it is in a kind of default mode in which it has no information about the existence of any jails.
NOTE - The server should not be addressed directly!
Client
The second part of fail2ban is the client. It can also be described as the frontend for the server. The client connects to the server through the unix socket and sends commands that configure and control the server.
The client reads the configuration files and can also be used to send simple commands to the server. Commands can be passed on the command line or in an interactive mode. The client is even able to start the server.
All settings stored in the configuration files can also be passed directly to the client, e.g. on the command line. In fail2ban, configuration files are merely a simple and efficient way of sending commands to the server through the client.
NOTE - The principle is similar to iptables!
Configuration
The individual configuration files of fail2ban are presented and explained below.
/etc/fail2ban/fail2ban.conf
The configuration file
/etc/fail2ban/fail2ban.conf
contains the global settings for the fail2ban server.
Here, for example, the log level and the log target (default is SYSLOG) as well as the unix socket can be specified.
NOTE - Currently, all fail2ban messages are written to SYSLOG and to the active console/shell!
If the behaviour described in the note is not desired, the following change remedies it:
IMPORTANT - The original file /etc/fail2ban/fail2ban.conf should NOT be modified!
Instead, a configuration file named
/etc/fail2ban/fail2ban.local
should be created with the following command:
# touch /etc/fail2ban/fail2ban.local
The content of the new local configuration file could then look like this:
[Definition]
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#         Only one log target can be specified.
# Values: STDOUT STDERR SYSLOG file  Default: /var/log/fail2ban.log
#
# Tachtler
# default: logtarget = SYSLOG
logtarget = /var/log/fail2ban.log
NOTE - Because the default location is used here, the configuration file /etc/logrotate.d/fail2ban does not need to be adjusted!
/etc/fail2ban/jail.conf
Probably the most important fail2ban configuration file is /etc/fail2ban/jail.conf
IMPORTANT - The original file /etc/fail2ban/jail.conf should NOT be modified!
Instead, create a configuration file named /etc/fail2ban/jail.local with the following command:
# touch /etc/fail2ban/jail.local
The jail configuration contains the definitions of the individual fail2ban jails. By default it includes several templates, which only need to be enabled and, where necessary, adapted to your own needs.
Before going into the individual jails and their definitions, the [DEFAULT] definition is discussed here. It sets default values for the other jails, which apply unless they are overridden in the individual jail definitions:
Setting | Default value | Description |
---|---|---|
ignoreip | 127.0.0.1 (localhost) | List of IP addresses that fail2ban ignores |
bantime | 600 (10 minutes) | Number of seconds for which an IP address is banned |
findtime | 600 (10 minutes) | Number of seconds within which repeated occurrences of an IP address are monitored and counted |
maxretry | 3 | Maximum number of times an IP address may be found before it is banned |
backend | auto | Backend used to monitor file operations |
NOTE - Settings inside a jail override the default values from the [DEFAULT] definition!
In principle, a jail exists whenever a filter and at least one action are active in a definition.
NOTE - A jail definition always begins with square brackets - [ … ]!
By default, one definition is set to enabled = true (active), namely the definition [ssh-iptables]
The [ssh-iptables] definition looks as follows and is explained here as an example:
...
[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           mail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5
...
Setting | Default value | Description |
---|---|---|
[ssh-iptables] | Name of the definition | |
enabled | true | Enabled [yes/no] |
filter | sshd | see the configuration in /etc/fail2ban/filter.d/sshd.conf |
action | iptables… | see the configuration in /etc/fail2ban/action.d/iptables.conf |
logpath | /var/log/secure | Path to the log file to be monitored |
maxretry | 5 (overridden) | Maximum number of times an IP address may be found before it is banned |
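How ignoreip, findtime, maxretry and bantime interact is shown by the following added Python sketch, which is not fail2ban's own code: it replays constructed /var/log/secure lines through a reduced form of the sshd "Failed password" failregex and reports when a ban and its expiry would occur. The names simulate and SAMPLE, the sample lines and the addresses are assumptions made for this illustration; the settings in the final call are those of the jail.local example on this page.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# fail2ban expands <HOST> to this alias (quoted in its filter files).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
# Reduced form of the sshd "Failed password" failregex (assumption: the
# generic syslog-prefix part of the real expression is left out).
FAILREGEX = re.compile(
    r"sshd(?:\[\d+\])?: Failed (?:password|publickey) for .* from <HOST>"
    r"(?: port \d*)?(?: ssh\d*)?$".replace("<HOST>", HOST))

def _ignored(host, networks):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # <HOST> can also capture a hostname
        return False
    return any(addr in net for net in networks)

def simulate(lines, maxretry=5, findtime=600, bantime=600,
             ignoreip=("127.0.0.1",), year=2012):
    """Replay log lines; return [(time, "Ban"|"Unban", host), ...]."""
    networks = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures = defaultdict(deque)   # host -> failure times inside findtime
    banned = {}                     # host -> time at which the ban ends
    events = []
    for line in lines:
        match = FAILREGEX.search(line)
        if not match:
            continue
        now = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host = match.group("host")
        # Bans end after bantime; evaluated lazily when the next line arrives.
        for old, until in list(banned.items()):
            if until <= now:
                del banned[old]
                events.append((until.strftime("%H:%M:%S"), "Unban", old))
        if host in banned or _ignored(host, networks):
            continue
        window = failures[host]
        window.append(now)
        # Failures older than findtime no longer count towards maxretry.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = now + timedelta(seconds=bantime)
            events.append((now.strftime("%H:%M:%S"), "Ban", host))
            window.clear()
    return events

def _fail(clock, host):             # constructed /var/log/secure line
    return (f"Nov 29 {clock} rechner sshd[2101]: "
            f"Failed password for root from {host} port 40001 ssh2")

SAMPLE = (                                                      # constructed
    [_fail(f"14:00:{s:02d}", "203.0.113.7") for s in range(1, 21, 4)]
    + [_fail(f"14:01:{s:02d}", "192.168.0.10") for s in range(6)]
    + [_fail(f"14:{m:02d}:00", "198.51.100.9") for m in (2, 3, 4, 5, 30)])

if __name__ == "__main__":
    for event in simulate(SAMPLE, maxretry=5, findtime=900, bantime=300,
                          ignoreip=("127.0.0.1", "192.168.0.0/24")):
        print(*event)
```

The host in 192.168.0.0/24 is never banned because of ignoreip, and the host with four failures followed by a fifth after findtime has passed stays below maxretry.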
/etc/fail2ban/filter.d
The directory /etc/fail2ban/filter.d holds the configuration files with the regular expressions that are searched for in the log files.
/etc/fail2ban/action.d
The directory /etc/fail2ban/action.d holds the configuration files for running scripts/commands, roughly speaking the actions that fail2ban then executes.
Starting the server
Before the server is started, the configuration can be checked as shown below.
To check the current configuration, use the following command, which takes all configuration files into account and displays the configuration that is sent to the server:
# fail2ban-client -d
WARNING 'action' not defined in 'php-url-fopen'. Using default value
WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value
['set', 'loglevel', 3]
['set', 'logtarget', 'SYSLOG']
['add', 'ssh-iptables', 'auto']
['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']
['set', 'ssh-iptables', 'maxretry', 5]
['set', 'ssh-iptables', 'addignoreip', '127.0.0.1']
['set', 'ssh-iptables', 'findtime', 600]
['set', 'ssh-iptables', 'bantime', 600]
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User \\S+ from <HOST> not allowed because not listed in AllowUsers$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=\\S* ruser=\\S* rhost=<HOST>(?:\\s+user=.*)?\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\\s*$']
['set', 'ssh-iptables', 'addfailregex', "^\\s*(?:\\S+ )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User \\S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$"]
['set', 'ssh-iptables', 'addaction', 'iptables']
['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>']
['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
['set', 'ssh-iptables', 'actioncheck', 'iptables', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']
['set', 'ssh-iptables', 'addaction', 'sendmail-whois']
['set', 'ssh-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere are more information about <ip>:\\n\n`/usr/bin/whois <ip>`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionunban', 'sendmail-whois', '']
['set', 'ssh-iptables', 'actioncheck', 'sendmail-whois', '']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'dest', 'root']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'name', 'SSH']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban@example.com']
['start', 'ssh-iptables']
Finally, fail2ban can be started with the following command:
CentOS 6:
# service fail2ban start
Starting fail2ban:
Message from syslogd@vrechner at Nov 29 13:04:48 ...
 �<30>fail2ban.filter : INFO Added logfile = /var/log/secure

Message from syslogd@rechner at Nov 29 13:04:48 ...
 �<30>fail2ban.filter : INFO Set maxRetry = 5

Message from syslogd@rechner at Nov 29 13:04:48 ...
 �<30>fail2ban.filter : INFO Set findtime = 600
                                                           [ OK ]
CentOS 7:
# systemctl start fail2ban.service
and
# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-09-12 14:02:12 CEST; 31s ago
     Docs: man:fail2ban(1)
  Process: 9223 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
 Main PID: 9248 (fail2ban-server)
   CGroup: /system.slice/fail2ban.service
           └─9248 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fa...

Sep 12 14:02:10 vml71010.edmz.tachtler.net systemd[1]: Starting Fail2Ban Serv...
Sep 12 14:02:10 vml71010.edmz.tachtler.net fail2ban-client[9223]: 2016-09-12 ...
Sep 12 14:02:10 vml71010.edmz.tachtler.net fail2ban-client[9223]: 2016-09-12 ...
Sep 12 14:02:12 vml71010.edmz.tachtler.net systemd[1]: Started Fail2Ban Service.
Hint: Some lines were ellipsized, use -l to show in full.
To have fail2ban start automatically after a restart of the server as well, the following configuration should be carried out.
CentOS 6:
The following command adds the start script /etc/init.d/fail2ban to automatic execution when the server/node starts or restarts:
# chkconfig fail2ban on
Whether this was successful can be checked with the following command:
# chkconfig --list | grep fail2ban
fail2ban 0:off 1:off 2:on 3:on 4:on 5:on 6:off
CentOS 7:
The following command adds the systemd start script /usr/lib/systemd/system/fail2ban.service to automatic execution when the server/node starts or restarts:
# systemctl enable fail2ban.service
Created symlink from /etc/systemd/system/multi-user.target.wants/fail2ban.service to /usr/lib/systemd/system/fail2ban.service.
Whether this was successful can be checked with the following command:
# systemctl is-enabled fail2ban.service
enabled
The following commands can be used to check whether fail2ban is active.
# ps auxwwwf | grep fail2ban
root     12278  0.0  0.0 103244   800 pts/0    S+   13:08   0:00          \_ grep fail2ban
root     12125  0.1  0.8 348700  8488 ?        Sl   13:04   0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -x
and
# tail -n 8 /var/log/messages
Nov 29 13:04:48 rechner fail2ban.server : INFO Changed logging target to SYSLOG for Fail2ban v0.8.4
Nov 29 13:04:48 rechner fail2ban.jail : INFO Creating new jail 'ssh-iptables'
Nov 29 13:04:48 rechner fail2ban.jail : INFO Jail 'ssh-iptables' uses Inotify
Nov 29 13:04:48 rechner �<30>fail2ban.filter : INFO Added logfile = /var/log/secure
Nov 29 13:04:48 rechner �<30>fail2ban.filter : INFO Set maxRetry = 5
Nov 29 13:04:48 rechner �<30>fail2ban.filter : INFO Set findtime = 600
Nov 29 13:04:48 rechner fail2ban.actions: INFO Set banTime = 600
Nov 29 13:04:48 rechner fail2ban.jail : INFO Jail 'ssh-iptables' started
If an IP address is blocked, the following entry should appear in the log file, here /var/log/messages:
...
Nov 29 14:01:19 rechner <BF><28>fail2ban.actions: WARNING [ssh-iptables] Ban 123.456.789.123
...
or, after more than (here) 5 attempts:
...
Nov 29 14:01:27 rechner <BF><28>fail2ban.actions: WARNING [ssh-iptables] 123.456.789.123 already banned
...
The output of iptables from the following command also shows the currently blocked IP addresses:
CentOS 6:
# iptables -nvL fail2ban-SSH
Chain fail2ban-SSH (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       123.456.789.123      0.0.0.0/0
   60  3216 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
CentOS 7:
# iptables -nvL f2b-SSH
Chain fail2ban-SSH (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       123.456.789.123      0.0.0.0/0
   60  3216 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Configuration example
The following are examples of the configuration files mentioned, with possible settings:
/etc/fail2ban/jail.local
Example with jails for
- sshd
- sasl
# The DEFAULT allows a global definition of the options. They can be override
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Tachtler
# default: ignoreip = 127.0.0.1
ignoreip = 127.0.0.1 192.168.0.0/24

# "bantime" is the number of seconds that a host is banned.
# Tachtler
# default: bantime = 600
bantime = 300

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
# Tachtler
# default: findtime = 600
findtime = 900

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled = true
filter = sshd
# Tachtler
# default: action = iptables[name=SSH, port=ssh, protocol=tcp]
# default:          sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@tachtler.net]
logpath = /var/log/secure
maxretry = 5

# This jail forces the backend to "polling".

[sasl-iptables]

# Tachtler
# default: enabled = false
enabled = true
filter = sasl
backend = polling
# Tachtler
# default: action = iptables[name=sasl, port=smtp, protocol=tcp]
# default:          sendmail-whois[name=sasl, dest=you@example.com]
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=root, sender=fail2ban@tachtler.net]
# Tachtler
# default: logpath = /var/log/mail.log
logpath = /var/log/maillog
Troubleshooting
/etc/fail2ban/filter.d/sasl.local
To use sasl successfully in a jail, the following adjustment must be made to the configuration file /etc/fail2ban/filter.d/sasl.local:
# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision$
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
# Tachtler
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
# Tachtler
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
NOTE - Only a SPACE is missing after the / character. Excerpt: [A-Za-z0-9+/ ]*={0,2})?$
To test the configuration changes and to check whether the regular expression matches content in the given log file, the following command can be used:
# fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.local
/usr/share/fail2ban/server/filter.py:442: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sasl.conf
Use log file : /var/log/maillog

Results
=======

Failregex
|- Regular expressions:
|  [1] (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/ ]*={0,2})?$
|
`- Number of matches:
   [1] 3 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
    123.456.789.123 (Thu Nov 29 17:57:23 2012)
    123.456.789.123 (Thu Nov 29 17:57:33 2012)
    123.456.789.123 (Thu Nov 29 17:57:42 2012)

Date template hits:
3 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 3

However, look at the above section 'Running tests' which could contain important
information.
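The effect of the space in the character class can be reproduced offline with the following added Python example, which is not part of the original page or of fail2ban: it expands <HOST> with the alias quoted in the filter file and runs the three failregex variants from sasl.local over constructed maillog lines. The page does not show the log lines that prompted the change, so the free-text failure reasons, host names and addresses used here are assumptions.

```python
import re

# fail2ban replaces <HOST> with this alias (quoted in the filter file's comments).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"
HEAD = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
        r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed")
# The three endings of the failregex lines in sasl.local.
VARIANTS = {
    "space_first": HEAD + r"(: [ A-Za-z0-9+/]*={0,2})?\s*$",
    "no_space": HEAD + r"(: [A-Za-z0-9+/]*={0,2})?$",
    "space_last": HEAD + r"(: [A-Za-z0-9+/ ]*={0,2})?$",
}

_P = "Nov 29 17:57:%02d rechner postfix/smtpd[4711]: "
# Constructed /var/log/maillog lines; hosts and addresses are placeholders.
MAILLOG = [
    _P % 23 + "warning: unknown[203.0.113.7]: "
              "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    _P % 33 + "warning: unknown[203.0.113.7]: "
              "SASL PLAIN authentication failed: authentication failure",
    _P % 42 + "warning: mail.example.net[198.51.100.9]: "
              "SASL LOGIN authentication failed: generic failure",
    _P % 50 + "connect from unknown[203.0.113.7]",
    _P % 55 + "warning: unknown[192.0.2.44]: "
              "SASL CRAM-MD5 authentication failed: PDEyMzQ1QHJlY2huZXI+",
]


def found_hosts(failregex, lines=MAILLOG):
    """Hosts a failregex extracts, one entry per matching line."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]


def missed_lines(failregex, reference, lines=MAILLOG):
    """Lines that the reference expression matches but failregex does not."""
    rx, ref = (re.compile(r.replace("<HOST>", HOST))
               for r in (failregex, reference))
    return [line for line in lines if ref.search(line) and not rx.search(line)]


if __name__ == "__main__":
    for name, rx in VARIANTS.items():
        hosts = found_hosts(rx)
        print(f"{name:12} {len(hosts)} match(es): {hosts}")
    for line in missed_lines(VARIANTS["no_space"], VARIANTS["space_last"]):
        print("missed without the space:", line)
```

Only failures whose reason is a single base64 token are counted without the space, so a host producing reasons such as "authentication failure" would not reach maxretry in that jail.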
Manually removing an IP address ("unban")
The following commands make it possible to remove ("unban") an IP address that fail2ban lists as "banned".
This is done by calling fail2ban-client in interactive mode.
To put fail2ban-client into interactive mode, the following command is required:
# fail2ban-client -i
Fail2Ban v0.9.7 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.

fail2ban>
fail2ban-client is then in interactive mode, which is indicated by the prompt.
Entering the following command lists the individual jails from which an IP address can now be removed:
fail2ban> status
Status
|- Number of jail: 3
`- Jail list: portscan, sshd, sshd-ddos
By extending the previous command with the name of a jail, the IP addresses listed in it can be displayed. The following command does this for the jail portscan:
fail2ban> status portscan
Status for the jail: portscan
|- Filter
|  |- Currently failed: 59
|  |- Total failed: 760
|  `- Journal matches: _TRANSPORT=kernel
`- Actions
   |- Currently banned: 2
   |- Total banned: 2
   `- Banned IP list: 151.101.114.49 85.93.20.106
To remove ("unban") the IP address 151.101.114.49, for example, enter the following command:
fail2ban> set portscan unbanip 151.101.114.49
151.101.114.49
In response to the previous command, the IP address entered should be displayed, which confirms the removal ("unban").
Querying the IP addresses listed in the jail portscan again should now no longer show that IP address, as the following query shows:
fail2ban> status portscan
Status for the jail: portscan
|- Filter
|  |- Currently failed: 62
|  |- Total failed: 781
|  `- Journal matches: _TRANSPORT=kernel
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list: 85.93.20.106
To leave the interactive mode of fail2ban-client again, enter the following command:
fail2ban> exit