Archive for May, 2023
instalar ansible en debian 11
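# Installation notes: starting from a Debian 11 host, following this guide
# https://www.howtoforge.com/how-to-install-and-use-ansible-on-debian-11/
# There is a single controller node; its IP is 192.168.0.10
sudo apt-get install gnupg2 curl wget -y
# Add the Ansible PPA line shown below to the APT sources
sudo vi /etc/apt/sources.list
deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main
# NOTE(review): apt-key is deprecated on Debian 11, and a key imported this way is
# trusted for every repository on the host. The key is also requested by its
# 64-bit ID only; compare the full fingerprint shown by `apt-key list` with the
# one published on the PPA page before relying on it. A per-repository keyring
# referenced with signed-by= in the deb line limits what this key may sign for.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
sudo apt-get update
sudo apt-get install ansible -y
ansible --version
# Inventory file listing the managed hosts
vi .hosts
[servers]
# NOTE(review): ansible_ssh_pass keeps the login password in clear text in the
# inventory. Prefer SSH key authentication, or keep the value in an
# ansible-vault encrypted file, and restrict the file mode (chmod 600 .hosts).
ubuntu1 ansible_host=192.168.0.194 ansible_user=usuario ansible_ssh_pass=clave ansible_ssh_port=22
ansible -i .hosts -m ping all
# An ad-hoc command needs a host pattern; "all" targets every inventory host
ansible -i .hosts -m shell -a "free -m" all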
crowdsec
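# Following https://docs.crowdsec.net/docs/getting_started/install_crowdsec/
# Save the repository setup script to a file instead of piping it straight into
# a root shell: -f makes curl fail on an HTTP error rather than handing the
# error page to bash, and the file can be read before it runs with sudo.
repo_script="$(mktemp)"
curl -fsS https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh -o "$repo_script"
# Review what the script will do as root
less "$repo_script"
sudo bash "$repo_script"
rm -f "$repo_script"
sudo apt install crowdsec crowdsec-firewall-bouncer-iptables -y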
W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: Key is stored in legacy
# Fix taken from
# https://itsfoss.com/key-is-stored-in-legacy-trusted-gpg/
# The warning
W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
# The fix that worked for me
# NOTE(review): this only silences the warning. Every key in the legacy keyring
# stays trusted for every repository configured on the host. A narrower fix is
# to export just the key of the affected repository into its own keyring file
# and reference that file with signed-by= in the repository's sources entry.
sudo cp /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d
fail2ban en debian 11
# Me guio de
# https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-debian-11
# Un update
sudo apt update
# Instalo fail2ban y iptables
sudo apt install fail2ban iptables -y
# Reviso que este funcionando el servicio
systemctl status fail2ban.service
# Ingreso al directorio de configuracion
cd /etc/fail2ban
# Copio el original y la copia la hago con otro nombre
sudo cp jail.conf jail.local
# Uso esa copia
sudo vi jail.local
# Algunas opciones basicas que uso
[DEFAULT]
bantime = 100d
findtime = 10m
maxretry = 3
# Esto no lo necesito
#destemail = root@localhost
#sender = root@<fq-hostname>
#mta = sendmail
action = $(action_)s
[jail_to_enable]
enabled = true
# Reinicio fail2ban
sudo systemctl restart fail2ban
# Reviso las reglas de iptables
sudo iptables -S
# Filtro lo que quiero de fail2ban en iptables
sudo iptables -S | grep f2b
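# The WordPress part comes from
# https://help.clouding.io/hc/es/articles/360019516239-C%C3%B3mo-a%C3%B1adir-una-jail-en-Fail2ban-para-WordPress
# Edit my WordPress filter
sudo vi /etc/fail2ban/filter.d/wordpress.conf
# Patterns searched for in the log. The second pattern is a continuation of
# failregex and must be indented, otherwise it is not read as part of the value.
# Dots in the file names are escaped so they match a literal ".".
# NOTE(review): every POST to these paths counts, successful logins included, so
# a legitimate user can be banned too; list trusted admin addresses in ignoreip.
[Definition]
failregex = ^<HOST> .* "POST .*wp-login\.php
            ^<HOST> .* "POST .*xmlrpc\.php
# Edit my fail2ban configuration file
sudo vi /etc/fail2ban/jail.local
# Add the service to watch
[wordpress]
enabled = true
filter = wordpress
port = http,https
action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
# NOTE(review): the patterns above look like Apache access-log lines (client
# address first, then the quoted request), while this path selects error logs.
# Check that the filter matches something before trusting the jail, e.g.
# sudo fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress.conf
logpath = /var/log/apache2/*error.log
maxretry = 3
findtime = 10m
bantime = 100d
# Reload the fail2ban configuration
sudo systemctl reload fail2ban.service
# Check the state of the fail2ban client and of the wordpress jail
sudo fail2ban-client status
sudo fail2ban-client status wordpress
# Remove the ban on an IP address (needs root like the status commands above)
sudo fail2ban-client set wordpress unbanip DIRECCIONIP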
fail2ban
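# Following https://www.howtoforge.com/how-to-install-fail2ban-on-ubuntu-22-04/
sudo ufw status
sudo apt install ufw -y
# Allow SSH before enabling the firewall so the current session is not cut off
sudo ufw allow ssh
sudo ufw enable
sudo ufw status
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
sudo systemctl status fail2ban
# Local overrides go in jail.local, a copy of the packaged jail.conf
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
# Global settings; these keys belong to the [DEFAULT] section of jail.local
[DEFAULT]
# NOTE(review): addresses listed in ignoreip are never banned, so a compromised
# host inside 192.168.1.0/24 can guess passwords without limit. Keep the list
# as narrow as the setup allows.
ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20
bantime = 1d
findtime = 10m
maxretry = 5
# action_mw bans and mails a report with whois data to destemail; it needs a
# working mail transfer agent on the host
action = %(action_mw)s
destemail = admin@hwdomain.io
sender = root@hwdomain.io
# Bans are applied through ufw
banaction = ufw
# The sshd jail overrides the defaults: 3 failures within 1 day give a 1 week ban
[sshd]
enabled = true
maxretry = 3
findtime = 1d
bantime = 1w
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
sudo systemctl restart fail2ban
sudo fail2ban-client status sshd
# Manual ban and unban of an address, then check the jail again
sudo fail2ban-client set sshd banip IP-ADDRESS
sudo fail2ban-client set sshd unbanip IP-ADDRESS
sudo fail2ban-client status sshd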
error al conectar por ssh 2 parte
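# Fix taken from
# https://cambiatealinux.com/error-al-conectar-por-ssh-no-matching-host-key-type-found
# ssh keeps the first value it sees for an option, so a second -oKexAlgorithms
# is ignored; both key-exchange methods go in one comma-separated list.
# NOTE(review): SHA-1 key exchange, the 1024-bit group1 and DSA host keys are
# off by default in current OpenSSH because they are weak. Enable them only for
# this one legacy host (per command as here, or in a Host block in
# ~/.ssh/config), never globally, and plan to update the device's SSH server.
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss root@10.2.0.160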