[student@centos ~]$ nmcli device
DEVICE TYPE STATE CONNECTION
virbr0 bridge connected virbr0
eno16780032 ethernet connected Wired connection 1
virbr0-nic tap connected virbr0-nic
lo loopback unmanaged --
[student@srv1 ~]$ cat /etc/sysconfig/network-scripts/ifcfg-eno16780032
HWADDR=00:50:56:37:12:c6
NAME=eno16780032
DEVICE=eno16780032
ONBOOT=yes
USERCTL=no
BOOTPROTO=dhcp
PEERDNS=no
IPADDR=10.129.34.133
NETMASK=255.255.248.0
GATEWAY=10.129.39.254
DNS1=10.129.28.230
DNS2=10.129.28.232
check_link_down() {
return 1;
}
/etc/network/interfaces
auto eth0
iface eth0 inet static
address 10.129.34.132
netmask 255.255.248.0
gateway 10.129.28.232
dns-nameservers 10.129.28.230 10.129.28.232
authenticaties zitten op /var/log/authd.log
Wat is fail2ban?
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
5 pogingen, 10 minuten in de hoek
ignoreip = 127.0.0.1/8 10.129.32.0/21
#...
maxretry = 3
#...
systemctl restart fail2ban
fail2ban-client start
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh
student@debian:~$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
5a:63:b5:b8:f2:05:2f:8f:7e:88:01:22:5c:ff:9d:f6 student@debian
The key's randomart image is:
+---[RSA 4096]----+
| |
| . |
|. . . . |
|... .. o . |
| . . .. S o |
| .= O |
| oo+.+ |
| .o.=.E |
| .+.. |
+-----------------+
student@debian:~$ ssh-copy-id [email protected]
~/.ssh/authorised_keys
/proc/meminfo
/etc/firewalld
/bin/ssh-keygen
/home/student/Desktop
yum install bind
/etc/named.conf
allow-query { 10.129.32.0/21; };
forwarders { 10.129.28.232; 10.129.28.230; };
dnssec-enable no;
dnssec-validation no;
root@debian:/home/student# cat /etc/resolv.conf
# Generated by NetworkManager
search hubkaho.be
nameserver 10.129.34.133
[root@srv1 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search viaene.ikdoeict
nameserver 10.129.34.133