Okay, I am having a problem with the integration of Fail2ban and abuseipdb.
For some reason, at first it was not uploading reports to abuseipdb.
So I started reading the documentation, and I found this:
https://www.abuseipdb.com/fail2ban.html
actionban = curl --fail --ciphers ecdhe_ecdsa_aes_256_sha --data 'key=<abuseipdb_apikey>' --data-urlencode 'comment=<matches>' --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
When I run this from the command prompt, I get an error.
curl --fail --ciphers ecdhe_ecdsa_aes_256_sha --data 'key=<abuseipdb_apikey>' --data-urlencode 'comment=<matches>' --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
This is what the action is supposed to run when it uploads a report.
When I run that command at the prompt, I get the following error:
root@server1:/etc/fail2ban# curl --fail --ciphers ecdhe_ecdsa_aes_256_sha --data 'key=<abuseipdb_apikey>' --data-urlencode 'comment=<matches>' --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
curl: (59) failed setting cipher list: ecdhe_ecdsa_aes_256_sha
So it is saying it cannot set the cipher, but I am not sure why Debian 9 cannot set it.
It seems to be using that cipher, but there appears to be some kind of problem and it cannot set the cipher ecdhe_ecdsa_aes_256_sha.
This is Debian 9 (Stretch).
uname -a
Linux server1 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
curl -V
curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2q zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
python -V
Python 2.7.13
fail2ban-client -V
Fail2Ban v0.9.6
This is a brand-new fresh install that I installed just 3 days ago.
Now I started looking around for some information about this, and I found some:
https://github.com/fail2ban/fail2ban/issues/2044
Now, when I run the command he recommends in this post, it works:
actionban = curl --tlsv1.1 --data 'key=<abuseipdb_apikey>' --data-urlencode "comment=<matches>" --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
It looks like it should go in /etc/fail2ban/action.d/abuseipdb.conf.
For me that is currently line 89.
The line currently in abuseipdb.conf is:
actionban = lgm=$(printf '%%s\n...' "<matches>"); curl --fail --tlsv1.1 --data "key=<abuseipdb_apikey>" --data-urlencode "comment=$lgm" --data "ip=<ip>" --data "category=<abuseipdb_category>" "https://www.abuseipdb.com/report/json"
But if I change it like this, the curl part at least works:
```
curl --tlsv1.1 --data 'key=<abuseipdb_apikey>' --data-urlencode "comment=<matches>" --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
```
I have not seen any reports uploaded yet to abuseipdb, but I believe that there
is some kind of issue with Debian 9 and the curl and the cipher it is using.
Now in my abuseipdb.conf it is:
```ini
actionban = curl --tlsv1.1 --data 'key=<abuseipdb_apikey>' --data-urlencode "comment=<matches>" --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
```
After applying the change, I restarted fail2ban.
Could someone look into this?
Thank you.
Running the command
curl --fail --ciphers ecdhe_ecdsa_aes_256_sha --data 'key=<abuseipdb_apikey>' --data-urlencode 'comment=<matches>' --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
to properly upload the report to abuseipdb.com.
I do not think this is a configuration problem. I can upload my jail.local, but that is not the problem here.
It appears to be that one curl line that is my problem.
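Added example, not part of the original thread and not fail2ban or AbuseIPDB code: the `--ciphers` value in the report, `ecdhe_ecdsa_aes_256_sha`, is written in the naming scheme curl uses when it is built against NSS, while the posted `curl -V` output shows an OpenSSL build, which expects names such as `ECDHE-ECDSA-AES256-SHA`. The function names and the embedded sample string are assumptions made for this example.

```sh
#!/bin/sh
# Added example: does a curl --ciphers value use the naming scheme of the
# TLS library that this curl build is linked against?

# Constructed sample: start of the first `curl -V` line posted for the Debian 9 host.
SAMPLE_CURL_V='curl 7.52.1 (x86_64-pc-linux-gnu) libcurl/7.52.1 OpenSSL/1.0.2q zlib/1.2.8'

# tls_backend "<first line of curl -V>"  ->  openssl | nss | unknown
tls_backend() {
    case "$1" in
        *" OpenSSL/"*|*" LibreSSL/"*) echo openssl ;;
        *" NSS/"*)                    echo nss ;;
        *)                            echo unknown ;;
    esac
}

# cipher_style "<one cipher token>"  ->  nss | openssl | unknown
# NSS-style names are lowercase with underscores, OpenSSL-style names are
# uppercase with hyphens; keywords such as HIGH or !aNULL come back unknown.
cipher_style() {
    if printf '%s\n' "$1" | grep -Eq '^[a-z0-9]+(_[a-z0-9]+)+$'; then
        echo nss
    elif printf '%s\n' "$1" | grep -Eq '^[A-Z0-9]+(-[A-Z0-9]+)+$'; then
        echo openssl
    else
        echo unknown
    fi
}

# check_ciphers "<curl -V line>" "<--ciphers value>"
# Prints "ok", or "mismatch:<token>" (exit status 1) for the first token
# whose naming scheme belongs to a different TLS library than the build's.
check_ciphers() {
    backend=$(tls_backend "$1")
    [ "$backend" = unknown ] && { echo ok; return 0; }
    old_ifs=$IFS; IFS=',:'
    for tok in $2; do
        IFS=$old_ifs
        style=$(cipher_style "$tok")
        if [ "$style" != unknown ] && [ "$style" != "$backend" ]; then
            echo "mismatch:$tok"; return 1
        fi
    done
    IFS=$old_ifs
    echo ok
}

# On a live host, pass "$(curl -V | head -n 1)" instead of the sample.
check_ciphers "$SAMPLE_CURL_V" 'ecdhe_ecdsa_aes_256_sha' || true
```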
So this is closed as a duplicate answer. A third-party (and obsolete) issue.
"This person is a jerk. This problem has not been fixed; I am using the latest version of F2B.
And the problem has not been solved. What an absolutely worthless project, when people report problems and the developer refuses to look at them.
This problem is by no means obsolete!
This is also a Fail2Ban problem. Screw it, I will find another solution with another program like Fail2Ban, since this developer is such a big jerk.
Nobody was being a jerk to you. You are being aggressive for no reason.
Sebres, who replied to your issue, helps everyone who posts an issue. He is wonderfully kind.
He told you what you need to do. You do not have the latest version. You are using 0.9.x - he told you to update to 0.10.x.
He also said he was not 100% sure what you were asking for. He said: "If using the modified command solves it, you can merge yours."
And finally, the problem appears to be not in fail2ban but in a third-party program you are using.
None of that makes him a "jerk".
I am sorry that you thought it was appropriate to respond with such aggressive rudeness. Sebres is a volunteer and does not deserve to be insulted the way you insulted him.
It is strange to actually go looking for another program just because you do not like the answer you received. That is a terrible way to handle the security of a server.
@thereporter42
You reported the issue for v0.9.6...
Neither is it the latest version (that is 0.10.4 and 0.11).
Also, this is not an issue of fail2ban itself (rather a configuration or action for something not developed here).
Furthermore, you found the wrong place to report the issue (this is a developer repository, so basically not the place where you obtained fail2ban and its configuration).
And last but not least, this subject has already been discussed many times, and I have neither the time nor the intention to repeat the explanation over and over.
And now, as long as you do not understand the basic principles of how adults take part in a conversation, shut up and put your pretension elsewhere.
People like you destroy the open source world, because that is probably why nobody wants to take part in a project... let alone contribute; it is a waste of time.
There has never been any third-party program... this is all run by Fail2Ban.
All that is in the action.d directory are conf files, which are not third-party programs. I am running the latest version on Debian 9.
And telling me "And now, shut up and put your pretension elsewhere" just shows how big of an a-hole you are.
Oh, and for the record, I already pulled the latest version of the conf file directly from the GitHub area, and this is the one I am using:
https://github.com/fail2ban/fail2ban/blob/0.11/config/action.d/abuseipdb.conf
Obviously this is not a third-party program; it is an existing conf file that is already there! All I am talking about is that file, which you support and have in your own repository.
This is the file I am talking about: abuseipdb.conf.
It is not a third-party program, it is part of Fail2Ban.
I am not destroying anything; I am trying to get a problem with Fail2Ban fixed. But you are not interested in fixing problems in your program, so I will find another program to run, one that I guess is probably being developed and where the developers actually care.
I am not destroying anything, I am trying to fix a problem in Fail2Ban.
BS, you are using curl as part of the main fail2ban package, and the problem is not in curl itself.
It is a problem with your line used in the conf file that comes directly from your repository.
And as I said, it is not fixed in the latest version, because I grabbed the conf file directly from the latest version and the problem still occurs.
What you need to do is fix your conf file for this problem, which comes as PART of the Fail2ban program. This is not a third-party problem.
At the very least, you should be willing to accept reports about the action conf files that you include in your own repository, and this is one of them.
You people are just a bunch of a-holes who do nothing about the problems reported to you.
Again, the problem here is not curl but your conf file.
You people are completely useless.
Curl itself works fine. It is the action line in the conf file that is the problem!
The conf file comes with the package; it is not mine.
I have never configured these actions manually. They are the default actions that come with fail2ban; it is not a third-party problem.
I am running the latest version that Debian has in their packages. Obviously there must be a reason why they have not put the latest version in their package list. Probably because it is buggy as hell, and because people like me are finding problems like this on Debian that the author of this program refuses to acknowledge.
Again, this problem has not been fixed in the latest version. I got the conf file from the repository and the problem still exists.
Once again, this is a valid report that you refused to even consider or look at, and instead closed right away.
My report was also not a simple "my curl version does not work with fail2ban"; my report was very detailed and I even gave a way to fix the problem. So stop trying to make it sound as if I posted a simple one-line statement in a bug report, because that was not the case.
Again, this problem has not been solved, and the developer seems to refuse to look at it.
Wow, so that really means it is your conf file, which you provide in your repository, and you will not look at a problem with it? You stupid, poor little developer.