
Thread: HELP! Fail2ban rule to automatically block what OSCAM's failban generates

  1. #1

    Hi, does anyone know how I can add a "rule" in fail2ban (Ubuntu) based on what FAILBAN from oscam generates (/var/log/oscam/oscamuser.log)?

    Thanks!

  2. #2
    RSP - TEAM zildan

    Check that the same user isn't logging in more than once!
    Sh40, AML, prime focus 1,5m and others ...

  3. #3

    Hi, I made one a while ago ...

    In the file /etc/fail2ban/jail.conf you put this:

    Code:
    [oscam-tcp]
    enabled   = true
    filter    = oscam
    port      = 12200
    protocol  = tcp
    logpath   = /var/log/oscam/oscamuser.log
    banaction = iptables-allports
    findtime  = 1800
    bantime   = 36000

    Of course, change the port and logpath if yours differ.

    Then in the folder /etc/fail2ban/filter.d you create a file oscam.conf and put this in it:

    Code:
    # Fail2Ban configuration file
    #
    # Author: Bust3D
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the oscam user failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    #          After modifying or adding new expressions test with command,
    #          fail2ban-regex /path/to/your/oscam.log /etc/fail2ban/filter.d/oscam.conf
    # Values:  TEXT
    #
    failregex = (.)*(plain|encrypted) (.)*-client <HOST> rejected \((no such user|unknown user)\)$
                (.)*(plain|encrypted) (.)*-client <HOST> rejected \(disabled account\)$
                (.)*(plain|encrypted) (.)*-client <HOST> rejected \(invalid access\)$
                (.)*duplicate user '(.)*' from <HOST> (.)*$
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =

    Here I made it recognize unknown users, disabled accounts and duplicate users.

    I hope you find it useful.

    Happy holidays :P

  4. #4
    Golden Member piccolo08

    Boss...

    DM 800se sim 2.10, Ibox-cloud, raspberry pi and other crap

  5. #5

    Hi, I did as you recommended, but it seems the IP I want to block still gets in.
    With fail2ban-client status oscam-tcp I have 0 blocked IPs:

    Status for the jail: oscam-tcp
    |- filter
    |  |- File list: /var/log/oscam/oscamuser.log
    |  |- Currently failed: 0
    |  `- Total failed: 0
    `- action
       |- Currently banned: 0
       |  `- IP list:
       `- Total banned: 0

    And iptables -S over ssh gives me these as the only lines related to oscam:

    -A INPUT -p tcp -j fail2ban-oscam-tcp
    -A fail2ban-oscam-tcp -j RETURN

    Do you have any idea what I could try? I also checked oscamuser.log and it does indeed contain log entries from users.

  6. #6

    Thanks Bust3d for the help; the problem was that it should be oscam.log, not oscamuser.log.
    So the config looks like this now:

    [oscam-tcp]
    enabled = true
    filter = oscam
    port = 12200
    protocol = tcp
    logpath = /var/log/oscam/oscam.log
    banaction = iptables-allports
    findtime = 1800
    bantime = 36000
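
Added example, not part of any post in this thread: an offline check of the posted failregex lines against log lines, which is the question behind the "Total failed: 0" status in post #5 (does anything in the file named by logpath match the filter?). The `<HOST>` expansion is the one quoted in the filter's own comment, the sample log lines are constructed for illustration rather than captured from an OSCAM server, and the function names are hypothetical.

```python
import re

# <HOST> expansion exactly as quoted in the comment block of the posted filter.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# The four failregex lines from the posted oscam.conf, unchanged.
FAILREGEX = [
    r"(.)*(plain|encrypted) (.)*-client <HOST> rejected \((no such user|unknown user)\)$",
    r"(.)*(plain|encrypted) (.)*-client <HOST> rejected \(disabled account\)$",
    r"(.)*(plain|encrypted) (.)*-client <HOST> rejected \(invalid access\)$",
    r"(.)*duplicate user '(.)*' from <HOST> (.)*$",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed sample lines (assumed layout, documentation-range addresses).
# The last two are normal activity that the filter must NOT count as failures.
SAMPLE_LOG = """\
2016/12/24 10:00:01 1A2B3C4D c encrypted cccam-client 203.0.113.7 rejected (no such user)
2016/12/24 10:00:05 1A2B3C4D c plain newcamd-client 198.51.100.23 rejected (disabled account)
2016/12/24 10:00:09 1A2B3C4D c encrypted cccam-client 203.0.113.7 rejected (invalid access)
2016/12/24 10:00:12 1A2B3C4D c duplicate user 'alice' from 192.0.2.55 (prev 192.0.2.10)
2016/12/24 10:00:20 1A2B3C4D c encrypted cccam-client 192.0.2.80 granted (alice, au=off)
2016/12/24 10:00:31 1A2B3C4D c user alice disconnected from 192.0.2.80
"""

def match_host(line):
    """Return the host captured by the first failregex that matches, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def scan(text):
    """Count matching lines per host, i.e. what the jail would report as failed."""
    hits = {}
    for line in text.splitlines():
        host = match_host(line)
        if host:
            hits[host] = hits.get(host, 0) + 1
    return hits

if __name__ == "__main__":
    for host, count in sorted(scan(SAMPLE_LOG).items()):
        print(f"{host}: {count} failure(s)")
```

An empty result from `scan()` on lines taken from the real log corresponds to "Total failed: 0": either the file in logpath does not contain the rejection messages, or their format differs from what the failregex expects.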
