Revision as of 10:48, 22 April 2021
You can add, change, or delete configuration variables in the Configuration Mode. You can enter the configuration mode using the configure command. To exit from the configuration mode, enter the exit command.
If you enter the help command in the configuration mode, you can see all commands of the mode.
LYSH@MyHostName# configure
configure# help
database
Please refer to the CLI - Database section.
dhcpv4, dhcpv6
Please refer to the CLI - Services(daemons) section.
fail2ban
Fail2Ban is an intrusion prevention software framework that protects devices from brute-force attacks. Fail2Ban is typically set up to unban a blocked host within a certain period, so as to not "lock out" any genuine connections that may have been temporarily misconfigured. However, an unban time of several minutes is usually enough to stop a network connection being flooded by malicious connections, as well as reducing the likelihood of a successful dictionary attack.[1]
The primary purpose of fail2ban is to jail services. When a service, such as SSHd, is jailed, fail2ban continuously scans the log(s) of that service for repeated failed attempts. Once a given number of attempts (maxretry) is detected within a particular time window (findtime), a blocking rule (such as through iptables) is automatically set for a given time period (bantime). (https://wiki.gentoo.org/wiki/Fail2ban)
LYSH@MyHostName# configure
configure# fail2ban -h
usage: fail2ban add [-h] [<1->] [<1->] [<1->]
positional arguments:
  <1->  Enter the number of seconds that a host is banned
  <1->  Enter the length of time between login attempts before a ban is set
  <1->  how many attempts can be made to access the server before a ban is imposed

detaul 10, 10, 5
If you want to verify the current configuration, enter the show system fail2ban command after exiting the configuration mode.
LYSH@MyHostName# show system fail2ban
fail2ban(ssh) : inactive, bantime:1m, findtime:5, maxretry:5
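To make the three parameters concrete, the following added example (not code from fail2ban or from the LYSH CLI) replays constructed sshd-style log lines through the jail logic described above: maxretry failures from one host inside a findtime window trigger a ban, which is lifted again once bantime has elapsed. The parameter values and log lines are assumptions chosen for the demonstration.

```python
"""Minimal model of a fail2ban jail: count failed logins per host inside a
sliding findtime window, ban on maxretry, unban after bantime.
Added example; the log lines below are constructed, not captured output."""
import re
from collections import defaultdict, deque

# Constructed sshd-style sample: (timestamp in seconds, log message)
SAMPLE_LOG = [
    (0,  "sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2"),
    (3,  "sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2"),
    (5,  "sshd[103]: Failed password for root from 203.0.113.7 port 5003 ssh2"),
    (6,  "sshd[104]: Accepted publickey for alice from 198.51.100.9 port 6001 ssh2"),
    (8,  "sshd[105]: Failed password for root from 203.0.113.7 port 5004 ssh2"),
    (9,  "sshd[106]: Failed password for root from 203.0.113.7 port 5005 ssh2"),
    (30, "sshd[107]: Failed password for root from 203.0.113.7 port 5006 ssh2"),
    (80, "sshd[108]: Failed password for root from 203.0.113.7 port 5007 ssh2"),
]

# The "failregex" of the jail: one failed password attempt, capturing the source host
FAIL_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")


def run_jail(log, bantime, findtime, maxretry):
    """Replay (t, line) pairs in time order and return the list of
    ("ban", t, host) / ("unban", t, host) events the jail would emit."""
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    banned = {}                     # host -> time at which the ban expires
    events = []
    for t, line in log:
        # Lift bans whose bantime has elapsed (recorded at the expiry time;
        # real fail2ban does this from a timer rather than on the next log line).
        for host, until in list(banned.items()):
            if until <= t:
                events.append(("unban", until, host))
                del banned[host]
        m = FAIL_RE.search(line)
        if not m:
            continue                # successful or unrelated line: nothing to count
        host = m.group(1)
        if host in banned:
            continue                # the firewall rule is already dropping this host
        window = failures[host]
        window.append(t)
        while window and window[0] < t - findtime:
            window.popleft()        # only failures inside findtime count
        if len(window) >= maxretry:
            banned[host] = t + bantime
            window.clear()
            events.append(("ban", t, host))
    return events


if __name__ == "__main__":
    for event in run_jail(SAMPLE_LOG, bantime=60, findtime=10, maxretry=5):
        print(*event)
```

With findtime shortened to 5 seconds the same log never accumulates five failures in one window, so no ban is set; that is the trade-off the findtime parameter controls.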
failover
Please refer to the CLI - System Failover section.
history
hostname
Please refer to the CLI - Hostname section.
ip
Please refer to the CLI - Networking section.
log
logexp
Please refer to the CLI - Services(daemons) section.
loghost
This configures syslog to send logs to a remote host.
LYSH@MyHostName# configure
configure# loghost add -h
usage: loghost add [-h] <A.B.C.D|WORD> [<[1-65535]>] [<[WORD]>]
To send all logs to the remote server whose address is 192.168.0.100 and port is the default Syslog port (514):
configure# loghost add 192.168.0.100
To send all logs to the remote server whose address is 192.168.0.100 and port is 1000:
configure# loghost add 192.168.0.100 1000
To send logs whose level is greater than or equal to "notice" to the remote server whose address is 192.168.0.100 and port is 1000:
configure# loghost add 192.168.0.100 1000 notice
nameserver
You can add or delete a nameserver of a network interface.
LYSH@MyHostName# configure
configure# nameserver add eth0 8.8.8.8      // add a nameserver, 8.8.8.8, to the eth0 interface.
configure# nameserver delete eth0 8.8.4.4   // delete a nameserver, 8.8.4.4, from the eth0 interface.
netplan
You can apply the network configuration immediately.
LYSH@MyHostName# configure
configure# netplan apply
ntp
You can configure the Network Time Protocol (NTP) server.
LYSH@MyHostName# configure
configure# ntp add ntp.ubuntu.com
rtlog
Please refer to the CLI - Services(daemons) section.
system
timezone
You can configure the timezone of the device.
LYSH@MyHostName# configure
configure# timezone