{"id":821,"date":"2015-01-09T17:00:58","date_gmt":"2015-01-09T15:00:58","guid":{"rendered":"http:\/\/www.h-hennes.fr\/blog\/?p=821"},"modified":"2015-01-09T17:00:58","modified_gmt":"2015-01-09T15:00:58","slug":"securiser-votre-serveur-dedie-installation-de-fail2ban","status":"publish","type":"post","link":"https:\/\/www.h-hennes.fr\/blog\/2015\/01\/09\/securiser-votre-serveur-dedie-installation-de-fail2ban\/","title":{"rendered":"Securing your dedicated server: installing fail2ban"},"content":{"rendered":"<p>Your web server, like every machine connected to the internet, is constantly subjected to intrusion attempts.<br \/>\nYours is probably no exception&#8230;<br \/>\nTo see this for yourself, just look at the authentication log file:<\/p>\n<pre lang=\"bash\">sudo vim \/var\/log\/auth.log\r\n<\/pre>\n<p>Browsing through it, you will find many lines like the ones in the screenshot below:<\/p>\n<p><a href=\"https:\/\/www.h-hennes.fr\/blog\/wp-content\/uploads\/2015\/01\/auth-log.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-822\" src=\"https:\/\/www.h-hennes.fr\/blog\/wp-content\/uploads\/2015\/01\/auth-log.jpg\" alt=\"Authentication logs\" width=\"780\" height=\"257\" srcset=\"https:\/\/www.h-hennes.fr\/blog\/wp-content\/uploads\/2015\/01\/auth-log.jpg 780w, https:\/\/www.h-hennes.fr\/blog\/wp-content\/uploads\/2015\/01\/auth-log-300x99.jpg 300w\" sizes=\"auto, (max-width: 780px) 100vw, 780px\" \/><\/a><\/p>\n<p>These lines are signs of intrusion attempts against your server over SSH.<\/p>\n<p>These attempts are almost impossible to avoid; however, to limit the nuisance as much as possible, it is advisable to install a tool such as <strong>Fail2ban<\/strong>.<br \/>\nIt analyses your server&rsquo;s logs and lets you block 
users who try to exploit your server&rsquo;s weaknesses.<br \/>\nIts modularity lets it adapt to all of your servers&rsquo; security needs.<\/p>\n<p>To install it, run the following command:<\/p>\n<pre lang=\"bash\">sudo apt-get install fail2ban\r\n<\/pre>\n<p>Once fail2ban is installed, we can look at its configuration, located in the file <em>\/etc\/fail2ban\/jail.conf<\/em>.<br \/>\nHowever, in order to keep the default settings, we will copy this file to a dedicated file, <em>jail.local<\/em>, with the following command:<\/p>\n<pre lang=\"bash\">sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\r\n<\/pre>\n<p>Then open the copied file:<\/p>\n<pre lang=\"bash\">sudo vim \/etc\/fail2ban\/jail.local\r\n<\/pre>\n<p>In this file you will find the configurations for the basic services on your servers: SSH, FTP clients, mail clients&#8230;<\/p>\n<p>The ban duration (in seconds) is set on the following line; the default is 600, but I generally raise it to 86400 (24 hours):<\/p>\n<pre lang=\"bash\"># \"bantime\" is the number of seconds that a host is banned.\r\nbantime  = 86400\r\n<\/pre>\n<p>By default, only SSH filtering is active; for it, I limit the maximum number of attempts to 3, which is more than enough:<\/p>\n<pre lang=\"bash\">[ssh]\r\n\r\nenabled  = true\r\nport     = ssh\r\nfilter   = sshd\r\nlogpath  = \/var\/log\/auth.log\r\nmaxretry = 3\r\n<\/pre>\n<p>If you run an FTP server, you can also enable the rule for the corresponding FTP service (vsftpd, proftpd, pure-ftpd, wuftpd); in my case it is proftpd:<\/p>\n<pre lang=\"bash\">[proftpd]\r\n\r\nenabled  = true\r\nport     = 
ftp,ftp-data,ftps,ftps-data\r\nfilter   = proftpd\r\nlogpath  = \/var\/log\/proftpd\/proftpd.log\r\nmaxretry = 3\r\n<\/pre>\n<p>Likewise, to enable filtering on the mail server:<\/p>\n<pre lang=\"bash\">[postfix]\r\n\r\nenabled  = true\r\nport     = smtp,ssmtp,submission\r\nfilter   = postfix\r\nlogpath  = \/var\/log\/mail.log\r\n<\/pre>\n<p>Once the configuration is complete, save the file and restart fail2ban with the command:<\/p>\n<pre lang=\"bash\">sudo service fail2ban restart\r\n<\/pre>\n<p>Your server is now (better) protected against intrusions.<br \/>\nYou can quickly review fail2ban&rsquo;s actions by looking at the log file <em>\/var\/log\/fail2ban.log<\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Your web server, like every machine connected to the internet, is constantly subjected to intrusion attempts. 
Yours is probably no exception&#8230; To see this for yourself, just look at the authentication log file sudo vim \/var\/log\/auth.log Browsing through it, you will find many lines like the ones in the screenshot below: These [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[254],"tags":[321,297,257],"class_list":["post-821","post","type-post","status-publish","format-standard","hentry","category-serveurs-dedies","tag-fail2ban","tag-linux","tag-ubuntu"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/posts\/821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/comments?post=821"}],"version-history":[{"count":2,"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/posts\/821\/revisions"}],"predecessor-version":[{"id":824,"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/posts\/821\/revisions\/824"}],"wp:attachment":[{"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/media?parent=821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/categories?post=821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.h-hennes.fr\/blog\/wp-json\/wp\/v2\/tags?post=821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}