I finally found a very good tutorial and am passing it on to everyone here, with the reference below:
Good luck.
- NOTE:
- FTP is considered an insecure protocol, since usernames and passwords are transmitted in plain text, without any kind of protection, and are therefore easily captured by third parties. For this reason, the FTP server should be used only within the relatively secure environment of an internal network. If you want to use an FTP server securely, TLS support must be added (See: Proftpd + TLS/SSL)
root@server:~# aptitude install proftpd-basic proftpd-doc
#[...]
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
#[...]
#[...]
ServerName "Debian"
ServerType standalone
DeferWelcome off
#[...]
root@server:~# /etc/init.d/proftpd restart
#[...]
# Use this to jail all users in their homes
DefaultRoot ~
#[...]
#[...]
DefaultRoot ~/ftp
#[...]
fribeiro@server:~$ mkdir ~/ftp
root@server:~# /etc/init.d/proftpd restart
root@server:~# aptitude install fail2ban whois
- NOTE:
- The configuration enabled during installation activates fail2ban for the ssh port. However, other ports can also be monitored and protected.
root@server:~# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# [...]
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.1.0/24
bantime = 1800
maxretry = 3
# [...]
# [...]
#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = root@localhost
# [...]
# [...]
#
# ACTIONS
#
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overriden globally or per
# section within jail.local file
banaction = iptables-multiport
# [...]
#
# Action shortcuts. To be used to define action parameter
# [...]
# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mwl)s
# [...]
# [...]
#
# JAILS
#
# [...]
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# [...]
root@server:~# /etc/init.d/fail2ban restart
Subject: [Fail2Ban] ssh: started
From: Fail2Ban
To: root@localhost
Date: Tue, 13 Jan 2011 22:14:28 +0000 (WET)
Hi,
The jail ssh has been started successfully.
Regards,
Fail2Ban
Subject: [Fail2Ban] ssh: banned 219.143.232.144
From: Fail2Ban
To: root@localhost
Date: Tue, 13 Jan 2011 22:25:06 +0000 (WET)
Hi,
The IP 219.143.232.144 has just been banned by Fail2Ban after
3 attempts against ssh.
Here are more information about 219.143.232.144:
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 219.143.232.0 - 219.143.233.127
netname: Sinotrans-Air-Transport-Development-Co-Ltd
country: CN
descr: 16F Building A Jinyun Plaza,NO.43 Xizhimen South Street,Xicheng District, Beijing,P.R.China
admin-c: HC55-AP
tech-c: HC55-AP
status: ASSIGNED NON-PORTABLE
changed: bjnic@bjtelecom.net 20071010
mnt-by: MAINT-CHINANET-BJ
source: APNIC
person: Hostmaster of Beijing Telecom corporation CHINA TELECOM
nic-hdl: HC55-AP
e-mail: bjnic@bjtelecom.net
address: Beijing Telecom
address: No. 107 XiDan Beidajie, Xicheng District Beijing
phone: +86-010-58503461
fax-no: +86-010-58503054
country: cn
changed: bjnic@bjtelecom.net 20040115
mnt-by: MAINT-CHINATELECOM-BJ
source: APNIC
Lines containing IP:219.143.232.144 in /var/log/auth.log
Dec 21 23:40:54 server sshd[4311]: Did not receive identification string from 219.143.232.144
Dec 21 23:44:19 server sshd[4318]: Invalid user globus from 219.143.232.144
Dec 21 23:44:19 server sshd[4318]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.143.232.144
Dec 21 23:44:21 server sshd[4318]: Failed password for invalid user globus from 219.143.232.144 port 43536 ssh2
Dec 21 23:44:22 server sshd[4320]: Invalid user marine from 219.143.232.144
Dec 21 23:44:22 server sshd[4320]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.143.232.144
Regards,
Fail2Ban
Reference: PinguimRibeiro website
- NOTE:
- The Fail2Ban package can be used to protect e-mail, FTP, web and other servers, simply by editing the file /etc/fail2ban/jail.local to configure the various services you want to protect.
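How the jail settings shown above (ignoreip, maxretry) turn the auth.log lines from the ban e-mail into a ban decision, as an added Python example that is not part of the original tutorial and is not Fail2Ban's own code. The regex is a simplified stand-in for the sshd filter, the 600-second findtime is an assumption (the page does not show it), and the log lines after the first four are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# From the [DEFAULT] section above; ignoreip may also be a DNS host (not handled here).
IGNOREIP = ["127.0.0.1", "192.168.1.0/24"]
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)  # assumption: findtime is not shown on the page

# Simplified stand-in for the sshd filter (assumption, not Fail2Ban's regex list).
FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def is_ignored(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def find_bans(lines, year=2010):
    """Return {ip: timestamp of the failure that reached MAXRETRY within FINDTIME}."""
    recent, bans = defaultdict(list), {}
    for line in lines:
        m = FAILURE_RE.match(line)
        if not m or m["ip"] in bans or is_ignored(m["ip"]):
            continue
        # syslog lines carry no year, so one is supplied (constructed value).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent[m["ip"]] = [t for t in recent[m["ip"]] if when - t <= FINDTIME] + [when]
        if len(recent[m["ip"]]) >= MAXRETRY:
            bans[m["ip"]] = when
    return bans

SAMPLE_LOG = [
    # First four lines: from the ban e-mail above. Remaining lines: constructed.
    "Dec 21 23:40:54 server sshd[4311]: Did not receive identification string from 219.143.232.144",
    "Dec 21 23:44:19 server sshd[4318]: Invalid user globus from 219.143.232.144",
    "Dec 21 23:44:21 server sshd[4318]: Failed password for invalid user globus from 219.143.232.144 port 43536 ssh2",
    "Dec 21 23:44:22 server sshd[4320]: Invalid user marine from 219.143.232.144",
    "Dec 21 23:50:01 server sshd[4401]: Failed password for fribeiro from 192.168.1.50 port 50100 ssh2",
    "Dec 21 23:50:03 server sshd[4401]: Failed password for fribeiro from 192.168.1.50 port 50100 ssh2",
    "Dec 21 23:50:05 server sshd[4401]: Failed password for fribeiro from 192.168.1.50 port 50100 ssh2",
    "Dec 21 23:55:00 server sshd[4410]: Failed password for root from 203.0.113.7 port 40000 ssh2",
    "Dec 22 00:30:00 server sshd[4477]: Failed password for root from 203.0.113.7 port 40001 ssh2",
    "Dec 22 00:31:00 server sshd[4478]: Failed password for root from 203.0.113.7 port 40002 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%b %d %H:%M:%S} for 1800s")  # bantime from the page
```

The LAN host inside 192.168.1.0/24 is never banned despite three failures, and 203.0.113.7 escapes because its first failure falls outside the assumed findtime window before the third arrives.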