Linux sicherheit: Unterschied zwischen den Versionen
Aus Vosp.info
F (Diskussion | Beiträge) |
F (Diskussion | Beiträge) |
||
| Zeile 1: | Zeile 1: | ||
| − | Programme | + | =Programme= |
| + | |||
* chkrootkit - Linux rootkit scanner | * chkrootkit - Linux rootkit scanner | ||
* Lynis - Universal security auditing tool and rootkit scanner | * Lynis - Universal security auditing tool and rootkit scanner | ||
| Zeile 16: | Zeile 17: | ||
* https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/ | * https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/ | ||
* https://www.howtoforge.com/faq/how-to-scan-linux-for-malware | * https://www.howtoforge.com/faq/how-to-scan-linux-for-malware | ||
| + | |||
| + | |||
| + | = fail2ban= | ||
| + | |||
| + | den server absichern gegen DoS Angriffe | ||
| + | |||
| + | <source lang=bash> | ||
| + | apt install fail2ban | ||
| + | sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | ||
| + | |||
| + | </source> | ||
| + | |||
| + | * wichtig sind die einträge zu verändern, z.B. | ||
| + | <source lang=bash> | ||
| + | # "bantime" is the number of seconds that a host is banned. | ||
| + | bantime = 30m | ||
| + | |||
| + | # A host is banned if it has generated "maxretry" during the last "findtime" | ||
| + | # seconds. | ||
| + | findtime = 20m | ||
| + | |||
| + | # "maxretry" is the number of failures before a host get banned. | ||
| + | maxretry = 2 | ||
| + | </source> | ||
| + | |||
| + | <source lang=bash> | ||
| + | |||
| + | fail2ban-client status sshd | ||
| + | tail -f /var/log/fail2ban.log | ||
| + | </source> | ||
| + | |||
| + | * https://www.thomas-krenn.com/de/wiki/SSH_Login_unter_Debian_mit_fail2ban_absichern | ||
Version vom 2. November 2020, 08:49 Uhr
Programme
- chkrootkit - Linux rootkit scanner
- Lynis - Universal security auditing tool and rootkit scanner
lynis update info
lynis audit system
- rkhunter
rkhunter --update
rkhunter -c
Quellen
- https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/
- https://www.howtoforge.com/faq/how-to-scan-linux-for-malware
fail2ban
den server absichern gegen DoS Angriffe
apt install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- wichtig sind die einträge zu verändern, z.B.
# "bantime" is the number of seconds that a host is banned.
bantime = 30m
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 20m
# "maxretry" is the number of failures before a host get banned.
maxretry = 2
fail2ban-client status sshd
tail -f /var/log/fail2ban.log
