476 | 2022-05-29 11:07:29 |
1) Set up the Fail2ban + Mikrotik integration
2) Configure Fail2ban to protect zoneminder
ssh -l USERNAME_MIKROTIK -p22 -i /root/.ssh/id_rsa IP_ADDRESS_YOURMICROTIK "$1"
Mikrotik configuration
[zoneminder]
# Zoneminder HTTP/HTTPS web interface auth
# Logs auth failures to apache2 error log
port = http,https
logpath = /var/log/apache2/YOURLOGFILE

# Fail2Ban filter for Zoneminder login failures

[INCLUDES]
before = apache-common.conf

[Definition]
# pattern: [Wed Apr 27 23:12:07.736196 2016] [:error] [pid 2460] [client 10.1.1.1:47296] WAR [Login denied for user "test"], referer: https://zoneminderurl/index.php
# pattern: [Wed Apr 27 23:12:07.736196 2016] [php7:notice] [pid 2460] [client 10.1.1.1:47296] ERR [Login denied for user "test"], referer: https://zoneminderurl/index.php
# pattern: [Wed Apr 27 23:12:07.736196 2016] [php7:notice] [pid 2460] [client 10.1.1.1:47296] ERR [Could not retrieve user test details], referer: https://zoneminderurl/index.php
#
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
#failregex =
failregex = ^%(_apache_error_client)s WAR \[Login denied for user "[^"]*"\]
            ^\[\](?: \[php:notice\])?(?: \[pid \d+\])? \[client <HOST>:\d+\] ERR \[Login denied for user "[^"]*"\]
            ^\[\](?: \[php:notice\])?(?: \[pid \d+\])? \[client <HOST>:\d+\] ERR \[Could not retrieve user [^"]*\]

ignoreregex =

# Notes:
# Tested on Zoneminder 1.34.9
#
# Author: John Marzella
# Edited: Sagitt Cyber

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = mikrotik ":ip firewall address-list add list=fail2ban address=<ip> comment=Autofail2Ban-<ip>"
actionunban = mikrotik ":ip firewall address-list remove [:ip firewall address-list find comment=Autofail2Ban-<ip>]"

[zoneminder]
enabled = true
action = mikrotik
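
The `mikrotik` wrapper shown earlier hands its first argument to the router verbatim over a key-authenticated SSH session, so whatever string reaches it runs as a RouterOS command. The variant below is an added example, not the original author's script: it accepts only an action and an IPv4 address and builds the two address-list commands from the action file itself. The `ban`/`unban` interface and the function names are assumptions (actionban and actionunban would then call `mikrotik ban <ip>` and `mikrotik unban <ip>`), and IPv6 addresses are rejected.

```sh
#!/bin/sh
# Added example: stricter variant of the `mikrotik` wrapper.
# Usage (assumed interface): mikrotik ban <ip> | mikrotik unban <ip>
# USERNAME_MIKROTIK and IP_ADDRESS_YOURMICROTIK are the page's placeholders.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;          # empty, or anything but digits and dots
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        case $octet in
            ''|????*) return 1 ;;           # empty field or more than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Prints the RouterOS command for ban/unban; returns 1 for any other input.
routeros_cmd() {
    is_ipv4 "$2" || return 1
    case $1 in
        ban)
            printf '%s' ":ip firewall address-list add list=fail2ban address=$2 comment=Autofail2Ban-$2" ;;
        unban)
            printf '%s' ":ip firewall address-list remove [:ip firewall address-list find comment=Autofail2Ban-$2]" ;;
        *)
            return 1 ;;
    esac
}

# Contact the router only when called with exactly: <action> <ip>
if [ "$#" -eq 2 ]; then
    cmd=$(routeros_cmd "$1" "$2") || { echo "mikrotik: rejected: $*" >&2; exit 2; }
    exec ssh -l USERNAME_MIKROTIK -p22 -i /root/.ssh/id_rsa IP_ADDRESS_YOURMICROTIK "$cmd"
fi
```

A rejected call exits with status 2 and never opens the SSH session, so the failure shows up in the Fail2ban log instead of on the router.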