ADD fail2ban

docs/Other/fail2ban.md

@@ -0,0 +1,77 @@
+### Установка
+
+```bash
+sudo apt update && sudo apt install fail2ban -y
+```
+### Настройка
+
+```bash
+# рекомендуется, но необязательно
+cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 
+```
+
+- `vi /etc/fail2ban/jail.local`
+```bash
+[DEFAULT]
+ignoreip = 127.0.0.1/8 ::1
+
+[sshd]
+enabled = true
+port = 10001
+#Для Debian добавить:
+#backend = systemd
+# Если в течении 24 часов
+findtime = 86400
+# произведено 3 неудачных попытки логина,
+maxretry = 3
+# то банить IP навсегда.
+bantime = -1
+
+[nginx-bad-request]
+enabled = true
+port = http,https
+filter = nginx-bad-request
+logpath = /var/log/nginx/*access.log
+maxretry = 3
+findtime = 5m
+bantime = 24h
+
+[nginx-http-auth]
+enabled = true
+port = http,https
+filter = nginx-http-auth
+logpath = /var/log/nginx/*error.log
+maxretry = 3
+findtime = 5m
+bantime = 24h
+
+[nginx-botsearch]
+enabled = true
+port = http,https
+filter = nginx-botsearch
+logpath = /var/log/nginx/*access.log
+maxretry = 5
+findtime = 10m
+bantime = 24h
+
+[nginx-limit-req]
+enabled = true
+filter = nginx-limit-req
+logpath = /var/log/nginx/*error.log
+maxretry = 100
+findtime = 30
+bantime = 24h
+```
+
+- Проверка
+```bash 
+fail2ban-server -t
+fail2ban-client reload
+fail2ban-client status        
+fail2ban-client status sshd    # Статус защиты SSH
+fail2ban-client status nginx-bad-reauest
+fail2ban-client status nginx-botsearch
+fail2ban-client status nginx-http-auth
+fail2ban-client status nginx-limit-req
+tail -f /var/log/fail2ban.log 
+```