CentOS 8: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 63: | Zeile 63: | ||
</pre> | </pre> | ||
| − | == secure sshd with fail2ban == | + | == secure sshd und apache with fail2ban == |
zuerst wird fail2ban installiert | zuerst wird fail2ban installiert | ||
<pre> | <pre> | ||
| Zeile 81: | Zeile 81: | ||
[sshd] | [sshd] | ||
enabled = true | enabled = true | ||
| + | |||
| + | [apache-auth] | ||
| + | enabled = true | ||
| + | port = http,https | ||
| + | logpath = %(apache_error_log)s | ||
| + | |||
| + | [apache-badbots] | ||
| + | enabled = true | ||
| + | port = http,https | ||
| + | logpath = %(apache_access_log)s | ||
| + | bantime = 48h | ||
| + | maxretry = 1 | ||
| + | |||
| + | [apache-noscript] | ||
| + | enabled = true | ||
| + | port = http,https | ||
| + | logpath = %(apache_error_log)s | ||
</pre> | </pre> | ||
| Zeile 87: | Zeile 104: | ||
systemctl restart fail2ban | systemctl restart fail2ban | ||
systemctl restart sshd | systemctl restart sshd | ||
| + | </pre> | ||
| + | |||
| + | '''Statusabfrage''' | ||
| + | <pre> | ||
| + | fail2ban-client status | ||
| + | Status | ||
| + | |- Number of jail: 1 | ||
| + | `- Jail list: sshd | ||
</pre> | </pre> | ||
Aktuelle Version vom 11. Oktober 2020, 08:01 Uhr
chrony
# chrony tracking Reference ID : BC44355C (tor-relais2.link38.eu) Stratum : 3 Ref time (UTC) : Fri Oct 04 10:01:42 2019 System time : 0.000004382 seconds fast of NTP time Last offset : -0.004034238 seconds RMS offset : 0.004034238 seconds Frequency : 1.807 ppm fast Residual freq : -681.512 ppm Skew : 11.315 ppm Root delay : 0.036042333 seconds Root dispersion : 0.034783933 seconds Update interval : 1.8 seconds Leap status : Normal
# chronyc sources 210 Number of sources = 3 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^+ tor-relais2.link38.eu 2 6 377 25 -23us[ +745us] +/- 21ms ^* v35005.php-friends.de 2 6 377 24 +922us[+1691us] +/- 13ms ^+ stratum2-3.NTP.TechFak.N> 2 6 377 24 -874us[ -105us] +/- 19ms
PowerTools Repository
yum install epel-release yum config-manager --set-enabled PowerTools
cockpit
# dny -y install cockpit # systemctl enable --now cockpit.socket # firewall-cmd --add-service=cockpit --permanent # firewall-cmd --reload
rename interface devices
Siehe systemd.link Manpage
Verzeichnis /etc/systemd/network anlegen
mkdir /etc/systemd/network
und dort eine Datei 10-net0.link mit folgenden Inhalt anlegen
vi /etc/systemd/network/10-net9.link [Match] MACAddress=00:a0:de:63:7a:e6 [Link] Name=net0
secure sshd und apache with fail2ban
zuerst wird fail2ban installiert
dnf install fail2ban
anschließend eine lokale Konfigurationsdatei erzeugt.
vi /etc/fail2ban/jail.local [DEFAULT] bantime = 1d findtime = 300 maxretry = 3 banaction = iptables-multiport backend = systemd [sshd] enabled = true [apache-auth] enabled = true port = http,https logpath = %(apache_error_log)s [apache-badbots] enabled = true port = http,https logpath = %(apache_access_log)s bantime = 48h maxretry = 1 [apache-noscript] enabled = true port = http,https logpath = %(apache_error_log)s
und danach fail2ban und sshd restartet.
systemctl restart fail2ban systemctl restart sshd
Statusabfrage
fail2ban-client status Status |- Number of jail: 1 `- Jail list: sshd