Mantykora 7's questions

解决方案

##阻止来自远程主机的 DOS 攻击。

[http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

操作系统： Ubuntu 服务器 20.10

Http服务器：阿帕奇

当我将规则（阻止来自远程主机的 DOS 攻击）添加到 jail.conf 时，fail2ban 停止工作。我在一些教程中得到了这样的配置，但它们是 Ubuntu 16 和 18。

enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

/etc/fail2ban/filter.d

http-get-dos.conf

# Fail2Ban configuration file 
[Definition]
failregex = ^<HOST> -.*"(GET|POST).* 
ignoreregex =

sudo systemctl status fail2ban

● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2021-01-07 09:05:29 UTC; 1h 23min ago
       Docs: man:fail2ban(1)
    Process: 82878 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
    Process: 82879 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=255/EXCEPTION)
   Main PID: 82879 (code=exited, status=255/EXCEPTION)

Jan 07 09:05:29 urial systemd[1]: Starting Fail2Ban Service...
Jan 07 09:05:29 urial systemd[1]: Started Fail2Ban Service.
Jan 07 09:05:29 urial fail2ban-server[82879]: 2021-01-07 09:05:29,370 fail2ban                [82879]: ERROR   Failed during configuration: While reading from '/etc/fail2ban/jail.local' [l>
Jan 07 09:05:29 urial fail2ban-server[82879]: 2021-01-07 09:05:29,372 fail2ban                [82879]: ERROR   Async configuration of server failed
Jan 07 09:05:29 urial systemd[1]: fail2ban.service: Main process exited, code=exited, status=255/EXCEPTION
Jan 07 09:05:29 urial systemd[1]: fail2ban.service: Failed with result 'exit-code'.

/etc/fail2ban$ cat jail.local

wlodek@urial:/etc/fail2ban$ cat jail.local
 ##To block failed login attempts use the below jail. 
[sshd]
enable = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretray = 3
findtime = 300
bandtime = 86400
ignoreip = 127.0.0.1  

##To block failed login attempts use the below jail. 
[apache] 
enabled = true 
port = http,https 
filter = apache-auth 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to request suspicious URLs, use the below jail. 
[apache-overflows] 
enabled = true 
port = http,https 
filter = apache-overflows 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to search for scripts on the website to execute, use the below jail. 
[apache-noscript] 
enabled = true 
port = http,https 
filter = apache-noscript 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To block the remote host that is trying to request malicious bot, use below jail. 
[apache-badbots] 
enabled = true 
port = http,https 
filter = apache-badbots 
logpath = /var/log/apache2/*error.log 
maxretry = 3 
bantime = 600 
ignoreip = 127.0.0.1
 
##To stop DOS attack from remote host. [http-get-dos] 
enabled = true 
port = http,https 
filter = http-get-dos 
logpath = /var/log/apache*/access.log 
maxretry = 400 
findtime = 400 
bantime = 200 
ignoreip = 127.0.0.1
action = iptables[name=HTTP, port=http, protocol=tcp]

我不知道如何在 Lan#1 192.168.1.0 和 Lan#2 192.168.10.0 之间进行路由。我尝试使用静态路由set protocols static route 0.0.0.0/0 next-hop 192.168.10.0 distance '1'，但我不明白。

1. 接口

run show interfaces ethernet 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             192.168.1.222/24                  u/u  OUTSIDE 
eth1             192.168.10.1/24                   u/u  INSIDE 

2.网关

gateway-address 192.168.1.1

3. NAT

我可以做下一个 NAT，然后有路由和互联网，但这（网络中的 2 x NAT）不正确

edit nat source r 1
set outbound-interfeace eth0
set source address 192.168.10.0/24
set translation address masquerade

安装Ubuntu Server 16 LTS后，没有 usb 2.0。我无法连接鼠标、键盘、光盘、pendrive 等 在 USB 3.0 上它可以工作。

主板 - 新技嘉 - GA-970A-DS3P

我可以通过以下方式安装 Windows 共享驱动器：

mount.cifs //192.168.1.151/_wymiana /mnt/share_2 -o user=wega,password=1234

但我不能这样：

mount.cifs //192.168.1.151/_wymiana /mnt/share_2 -o credentials=/root/.smbcredential_2

cat .smbcredential_2
username=wega   
password=1234

使用 strace 进行调试

strace -f -e trace=mount mount -t cifs //192.168.1.151/_wymiana /mnt/share_2 -o credentials=/root/.smbcredential_2
Process 3338 attached
Process 3339 attached
[pid  3339] +++ exited with 0 +++
[pid  3338] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3339, si_status=0, si_utime=0, si_stime=0} ---
[pid  3338] mount("//192.168.1.151/_wymiana", ".", "cifs", 0, "ip=192.168.1.151,unc=\\\\192.168.1"...) = -1 EACCES (Permission denied)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
[pid  3338] +++ exited with 32 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3338, si_status=32, si_utime=0, si_stime=0} ---
+++ exited with 32 +++

预先感谢您的帮助