CentOS 8: Unterschied zwischen den Versionen

Aus Wiki schlicker.org
Zur Navigation springen Zur Suche springen
 
(2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 63: Zeile 63:
 
</pre>
 
</pre>
  
== secure sshd with fail2ban ==
+
== secure sshd und apache with fail2ban ==
 
zuerst wird fail2ban installiert
 
zuerst wird fail2ban installiert
 
<pre>
 
<pre>
Zeile 81: Zeile 81:
 
[sshd]
 
[sshd]
 
enabled = true
 
enabled = true
 +
 +
[apache-auth]
 +
enabled = true
 +
port    = http,https
 +
logpath = %(apache_error_log)s
 +
 +
[apache-badbots]
 +
enabled = true
 +
port    = http,https
 +
logpath = %(apache_access_log)s
 +
bantime = 48h
 +
maxretry = 1
 +
 +
[apache-noscript]
 +
enabled = true
 +
port    = http,https
 +
logpath = %(apache_error_log)s
 
</pre>
 
</pre>
  
Zeile 87: Zeile 104:
 
systemctl restart fail2ban
 
systemctl restart fail2ban
 
systemctl restart sshd
 
systemctl restart sshd
 +
</pre>
 +
 +
'''Statusabfrage'''
 +
<pre>
 +
fail2ban-client status
 +
Status
 +
|- Number of jail: 1
 +
`- Jail list: sshd
 
</pre>
 
</pre>

Aktuelle Version vom 11. Oktober 2020, 08:01 Uhr

chrony

# chrony tracking
Reference ID    : BC44355C (tor-relais2.link38.eu)
Stratum         : 3
Ref time (UTC)  : Fri Oct 04 10:01:42 2019
System time     : 0.000004382 seconds fast of NTP time
Last offset     : -0.004034238 seconds
RMS offset      : 0.004034238 seconds
Frequency       : 1.807 ppm fast
Residual freq   : -681.512 ppm
Skew            : 11.315 ppm
Root delay      : 0.036042333 seconds
Root dispersion : 0.034783933 seconds
Update interval : 1.8 seconds
Leap status     : Normal

# chronyc sources
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ tor-relais2.link38.eu         2   6   377    25    -23us[ +745us] +/-   21ms
^* v35005.php-friends.de         2   6   377    24   +922us[+1691us] +/-   13ms
^+ stratum2-3.NTP.TechFak.N>     2   6   377    24   -874us[ -105us] +/-   19ms

PowerTools Repository

yum install epel-release
yum config-manager --set-enabled PowerTools

cockpit

# dny -y install cockpit
# systemctl enable --now cockpit.socket
# firewall-cmd --add-service=cockpit --permanent
# firewall-cmd --reload

rename interface devices

Siehe systemd.link Manpage

Verzeichnis /etc/systemd/network anlegen 

mkdir /etc/systemd/network

und dort eine Datei 10-net0.link mit folgenden Inhalt anlegen 

vi /etc/systemd/network/10-net9.link

[Match]
MACAddress=00:a0:de:63:7a:e6

[Link]
Name=net0

secure sshd und apache with fail2ban

zuerst wird fail2ban installiert 

dnf install fail2ban

anschließend eine lokale Konfigurationsdatei erzeugt. 

vi /etc/fail2ban/jail.local
[DEFAULT]
bantime  = 1d
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd]
enabled = true

[apache-auth]
enabled = true
port    = http,https
logpath = %(apache_error_log)s

[apache-badbots]
enabled = true
port    = http,https
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1

[apache-noscript]
enabled = true
port    = http,https
logpath = %(apache_error_log)s

und danach fail2ban und sshd restartet. 

systemctl restart fail2ban
systemctl restart sshd

Statusabfrage 

fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd
Abgerufen von „https://wiki.schlicker.org/index.php?title=CentOS_8&oldid=219