From 3268998234de69069ab242bd4c9574469fab048b Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Sat, 29 Sep 2018 17:22:46 -0600
Subject: [PATCH] Created custom jail: UFW-probe to catch port-probing.
---
.vscode/settings.json | 31 ++++++++++++++++++++++++++++++
etc/fail2ban/jail.d/ufw-probe.conf | 25 ++++++++++++++++++++++++
2 files changed, 56 insertions(+)
create mode 100644 .vscode/settings.json
create mode 100644 etc/fail2ban/jail.d/ufw-probe.conf
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..11efc9a
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,31 @@
+{
+ "cSpell.enabledLanguageIds": [
+ "asciidoc",
+ "c",
+ "cpp",
+ "csharp",
+ "css",
+ "go",
+ "handlebars",
+ "html",
+ "jade",
+ "javascript",
+ "javascriptreact",
+ "json",
+ "latex",
+ "less",
+ "markdown",
+ "php",
+ "plaintext",
+ "properties",
+ "pub",
+ "python",
+ "restructuredtext",
+ "rust",
+ "scss",
+ "text",
+ "typescript",
+ "typescriptreact",
+ "yml"
+ ]
+}
\ No newline at end of file
diff --git a/etc/fail2ban/jail.d/ufw-probe.conf b/etc/fail2ban/jail.d/ufw-probe.conf
new file mode 100644
index 0000000..50a25da
--- /dev/null
+++ b/etc/fail2ban/jail.d/ufw-probe.conf
@@ -0,0 +1,25 @@
+[ufw-probe]
+
+# We specify all ports since probing attacks are not limited to any one port.
+port = all
+
+# This should be specified in your jail.conf but we'll put it here just in case.
+# The localhost might have reasons to probe itself, so it should never be
+# blocked.
+ignoreip = 127.0.0.1/8 ::1
+
+# By default, UFW logs to this location. Update as necessary to suit your
+# enviroment.
+logpath = /var/log/ufw.log
+
+# Although timeframes are set in the jail.local, you might want to independently
+# control them for this particular filter so it's more/less aggressive.
+maxretry = 5
+findtime = 300
+
+# Because this is a custom filter, we need to point F2B to our custom filter. If
+# you changed the name of that filter file, then update it here without the
+# '.conf' part.
+filter = ufw-probe
+
+enabled = true
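Review bot: The `ignoreip = 127.0.0.1/8 ::1` line replaces, rather than adds to, any `ignoreip` set under `[DEFAULT]` in jail.local, so management or monitoring addresses whitelisted there lose their exemption in this jail and can be banned on every port. I would drop the line and inherit the default, or reword its comment to `# Overrides the [DEFAULT] ignoreip for this jail; repeat any trusted admin addresses here.` Separately, `port = all` is only harmless if the inherited banaction ignores the port (an allports-style or ufw action); a multiport action is unlikely to accept `all` as a port specification, so `port = 0:65535` or an explicit `banaction` would be safer, and the banaction is not visible in this patch. The diffstat also lists no `filter.d/ufw-probe.conf`, so with `enabled = true` the jail presumably relies on a filter file added elsewhere; worth confirming before this is deployed.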