Created custom jail: UFW-probe to catch port-probing.
parent
f03c94c8eb
commit
3268998234
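--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,31 @@
+{
+"cSpell.enabledLanguageIds": [
+"asciidoc",
+"c",
+"cpp",
+"csharp",
+"css",
+"go",
+"handlebars",
+"html",
+"jade",
+"javascript",
+"javascriptreact",
+"json",
+"latex",
+"less",
+"markdown",
+"php",
+"plaintext",
+"properties",
+"pub",
+"python",
+"restructuredtext",
+"rust",
+"scss",
+"text",
+"typescript",
+"typescriptreact",
+"yml"
+]
+}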
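--- a/etc/fail2ban/jail.d/ufw-probe.conf
+++ b/etc/fail2ban/jail.d/ufw-probe.conf
@@ -0,0 +1,25 @@
+[ufw-probe]
+
+# We specify all ports since probing attacks are not limited to any one port.
+port = all
+
+# This should be specified in your jail.conf but we'll put it here just in case.
+# The localhost might have reasons to probe itself, so it should never be
+# blocked.
+ignoreip = 127.0.0.1/8 ::1
+
+# By default, UFW logs to this location. Update as necessary to suit your
+# enviroment.
+logpath = /var/log/ufw.log
+
+# Although timeframes are set in the jail.local, you might want to independently
+# control them for this particular filter so it's more/less aggressive.
+maxretry = 5
+findtime = 300
+
+# Because this is a custom filter, we need to point F2B to our custom filter. If
+# you changed the name of that filter file, then update it here without the
+# '.conf' part.
+filter = ufw-probe
+
+enabled = true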
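Review bot: This jail bans on UFW block-log entries, and the source address in such an entry may be forged (UDP or a bare SYN needs no completed handshake), so a trusted or unrelated host can end up banned while `ignoreip = 127.0.0.1/8 ::1` protects only loopback. Consider extending it with your management and monitoring ranges, e.g. `ignoreip = 127.0.0.1/8 ::1 <ADMIN_CIDR_PLACEHOLDER>`, and setting an explicit, bounded `bantime` in this jail rather than inheriting it. `port = all` only has an effect if the banaction in use accepts that value, and no `banaction` is set in this file; with a multiport-style action, `port = 0:65535` or an all-ports banaction is the safer choice. The `ufw-probe` filter that `filter = ufw-probe` points to is not part of the sections shown here, so its failregex could not be reviewed. The comment above `logpath` misspells "environment".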