Linux security: Difference between revisions
From Vosp.info
F (talk | contribs) (Created page with: "Programs * chkrootkit - Linux rootkit scanner * Lynis - Universal security auditing tool and rootkit scanner <source lang=bash> lynis update info lynis audit…")
F (talk | contribs) (→fail2ban)
(10 intermediate revisions by the same user not shown)
Latest revision as of 28 March 2022, 10:29
= General =

* https://vosp.netz.coop/index.php/Ssh#sshd

= Live monitoring =

<source lang=bash>
# htop - an improved form of top
htop
# uptime - how long the machine has been up and the average load over the
# last 1, 5 and 15 minutes (roughly how many CPU cores were busy)
uptime
# most recent reboots
last reboot
</source>

= Programs =

* chkrootkit - Linux rootkit scanner
* Lynis - Universal security auditing tool and rootkit scanner
<source lang=bash>
# show available Lynis updates, then audit the local system
lynis update info
lynis audit system
</source>
* rkhunter
<source lang=bash>
# refresh the rkhunter data files, then run the check
rkhunter --update
rkhunter -c
</source>

== Sources ==
* https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/
* https://www.howtoforge.com/faq/how-to-scan-linux-for-malware

= fail2ban =

== Installation / configuration ==
Harden the server against DoS attacks: hosts that produce repeated failed logins are banned for a while.

<source lang=bash>
sudo apt install fail2ban
# jail.conf is replaced on package upgrades; local settings belong in jail.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
</source>

* The important part is to adjust the entries in jail.local, e.g.
<source lang=ini>
# "bantime" is the number of seconds that a host is banned
# (fail2ban 0.10+ also accepts suffixes such as 30m or 1h).
bantime = 30m

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 20m

# "maxretry" is the number of failures before a host gets banned.
maxretry = 2
</source>

* Commands
<source lang=bash>
systemctl restart fail2ban.service
# status of the sshd jail: currently banned IPs and totals
fail2ban-client status sshd
tail -f /var/log/fail2ban.log
</source>

* https://www.thomas-krenn.com/de/wiki/SSH_Login_unter_Debian_mit_fail2ban_absichern
* https://wiki.ubuntuusers.de/fail2ban/

== Banned hosts ==

* https://www.fail2ban.org/wiki/index.php/Whitelist

=== Show banned hosts ===

<source lang=bash>
# zgrep also searches the rotated, gzipped logs
zgrep 'Ban' /var/log/fail2ban.log*
</source>
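As an added example (not from the wiki page), the following script does what the zgrep above does but aggregates the result per jail and IP, skips "Unban" lines and also the "Restore Ban" lines that fail2ban 0.10+ writes when it re-applies persisted bans after a restart, which a plain grep for 'Ban' would count a second time. The log lines in SAMPLE_LOG are constructed samples in fail2ban's log format.

```shell
#!/bin/sh
# Added example, not from the wiki page: summarise fail2ban bans per jail and IP.
# SAMPLE_LOG is a CONSTRUCTED excerpt in fail2ban's log format (fail2ban.actions
# lines); on a real host pipe in "zcat -f /var/log/fail2ban.log*" instead.
SAMPLE_LOG='2022-03-28 10:01:02,100 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2022-03-28 10:05:10,200 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2022-03-28 10:35:02,300 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.5
2022-03-28 10:40:00,400 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2022-03-28 11:00:00,500 fail2ban.actions        [901]: NOTICE  [sshd] Restore Ban 198.51.100.7'

# ban_summary: read fail2ban log text on stdin and print "count jail ip",
# most-banned first. Only fresh "Ban" events are counted: "Unban" lines do not
# match "] Ban ", and "Restore Ban" lines (bans re-applied after a restart)
# are skipped explicitly so a host is not counted twice for one ban.
ban_summary() {
    awk 'index($0, "] Ban ") > 0 && index($0, "Restore Ban") == 0 {
            jail = $(NF-2)                                  # e.g. "[sshd]"
            jail = substr(jail, 2, length(jail) - 2)        # strip the brackets
            count[jail " " $NF]++                           # $NF is the IP
         }
         END { for (k in count) print count[k], k }' | sort -rn
}

# repeat_offenders: IPs banned at least $1 times (default 2), i.e. hosts that
# came back after a ban expired and may deserve a permanent ban (bantime = -1).
repeat_offenders() {
    ban_summary | awk -v min="${1:-2}" '$1 >= min { print $3 }'
}

printf '%s\n' "$SAMPLE_LOG" | ban_summary
```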
=== Unban ===

<source lang=bash>
# fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE
fail2ban-client set sshd unbanip 8.1.8.1
</source>