There is a solution to prevent MAC scans
on Ubuntu:
1. apt-get install fail2ban ipset iptables-persistent
2. extract archive and put files from archive in following directories
3. Import [db.sql] inside ministra (stalker) database:
   mysql -ustalker -p stalker_db < db.sql
4. execute commands:
   service fail2ban stop
   /sbin/ipset create scanners hash:net family inet hashsize 65535 maxelem 300000
   /sbin/iptables-restore < /etc/iptables/rules.v4
   service fail2ban start
5. add Cron Rule:
   * * * * * root cd /var/www/html/stalker_portal/server/tasks/; php ./ban_auths.php 1>>/var/log/stalkerd/bans.log 2>>/var/log/stalkerd/cron_error.log
Configuration:
in file "/var/www/html/stalker_portal/server/tasks/ban_auths.php" we have 2 options:
$interval = 10; //Interval for search
$limit = 5; //how much macs not allowed per ip
Whitelist:
/var/www/html/stalker_portal/server/whitelist - IPs go there, one per line
/etc/fail2ban/jail.d/ [bad_agents.conf and stalker.conf] ignoreip = - is the whitelist of IPs, separated by ,
It is a good idea to add the current server IP to the whitelist.
If you need a solution for other Ministras, just contact me: removed by redhat, please read the rules!
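The detection rule that the two options and the whitelist describe, as an added example that is not part of the original post or its attachment (the contents of ban_auths.php are not shown on this page). It assumes $interval is in minutes and $limit is the number of distinct MACs tolerated per IP; the function names and the sample records are hypothetical and constructed.

```python
"""Added illustration: flag IPs that present too many distinct MACs in a window."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

INTERVAL = 10  # mirrors $interval; the unit is assumed to be minutes
LIMIT = 5      # mirrors $limit; distinct MACs tolerated per IP (assumed meaning)


def load_whitelist(text):
    """Parse whitelist text: one IP per line (a CIDR also parses); blanks skipped."""
    return [ipaddress.ip_network(line.strip(), strict=False)
            for line in text.splitlines() if line.strip()]


def find_scanners(attempts, now, whitelist, interval=INTERVAL, limit=LIMIT):
    """Return sorted IPs with more than `limit` distinct MACs inside the window."""
    cutoff = now - timedelta(minutes=interval)
    macs_by_ip = defaultdict(set)
    for ts, ip, mac in attempts:
        if cutoff <= ts <= now:
            macs_by_ip[ip].add(mac.strip().upper())  # normalise case before counting
    flagged = []
    for ip, macs in macs_by_ip.items():
        addr = ipaddress.ip_address(ip)
        # Whitelisted sources (for example the portal server itself) are never banned.
        if len(macs) > limit and not any(addr in net for net in whitelist):
            flagged.append(ip)
    return sorted(flagged, key=ipaddress.ip_address)


def ipset_commands(ips, set_name="scanners"):
    """Build (not run) the ipset commands; -exist makes re-adding an entry a no-op."""
    return [f"/sbin/ipset -exist add {set_name} {ip}" for ip in ips]


# Constructed sample data: documentation address ranges and made-up MACs.
NOW = datetime(2024, 1, 1, 12, 0, 0)
WHITELIST = load_whitelist("192.0.2.10\n\n198.51.100.0/24\n")
ATTEMPTS = (
    [(NOW - timedelta(minutes=1), "203.0.113.7", f"00:1A:79:00:00:{i:02X}") for i in range(8)]
    + [(NOW - timedelta(minutes=2), "192.0.2.10", f"00:1a:79:00:01:{i:02x}") for i in range(9)]
    + [(NOW - timedelta(minutes=30), "203.0.113.9", f"00:1A:79:00:02:{i:02X}") for i in range(9)]
    + [(NOW - timedelta(minutes=3), "203.0.113.20", "00:1A:79:AA:BB:CC")] * 6
)

if __name__ == "__main__":
    print("\n".join(ipset_commands(find_scanners(ATTEMPTS, NOW, WHITELIST))))
```

Only 203.0.113.7 is flagged in the sample: the whitelisted address, the burst older than the window, and the client that retries a single MAC are all left alone.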