linux-debian/reaction.md

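# Install reaction from a locally downloaded package.
# apt does not authenticate a local .deb file, so check it against the
# checksum or signature published with the release before running this.
apt install ./reaction_2.2.0-1_amd64.deb

# The ban/unban actions in the configuration shell out to iptables.
apt install iptables

# Enable the templated unit at boot and start it now.
# NOTE(review): the instance name presumably selects the configuration file
# the packaged unit loads; confirm against the unit shipped in the .deb.
systemctl enable reaction@reaction.jsonnet
systemctl start reaction@reaction.jsonnet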

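# Check that the 'reaction' chain exists and list the sources currently dropped.
# -n prints numeric addresses; without it iptables does a reverse DNS lookup
# for every banned source, which is slow and queries names for hostile hosts.
iptables -n -L reaction

# Ask the running daemon for its own view of its state, to compare with the chain.
reaction show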

// banFor(time) builds the action pair attached to a filter:
//   ban   - append a DROP rule for the matched <ip> to the 'reaction' chain
//   unban - delete that same rule once `time` (e.g. '96h') has elapsed
// Both commands pass -w so they wait for the xtables lock instead of failing
// when another iptables invocation is in progress.
local banFor(time) =
  // Same rule specification for both directions; only the operation differs.
  local dropRule(operation) = ['iptables', '-w', operation, 'reaction', '-s', '<ip>', '-j', 'DROP'];
  {
    ban: { cmd: dropRule('-A') },
    unban: { cmd: dropRule('-D'), after: time },
  };

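// reaction configuration: follow the SSH unit's journal and run the banFor()
// actions against any IPv4 address that matches a failure pattern 3 times
// within 6 hours.
{
  patterns: {
    // <ip> in the regexes and commands below refers to this pattern.
    // IPv4 only: failures arriving over IPv6 are not matched and no ip6tables
    // rule is managed here, so an IPv6-reachable sshd is not covered.
    // NOTE(review): nothing exempts management addresses. Consider an `ignore`
    // list on this pattern so that an operator who mistypes a password three
    // times is not dropped for the whole ban period.
    ip: {
      type: 'ipv4',
    },
  },
  // Run once at startup: create the chain and jump to it from INPUT and FORWARD.
  // -w waits for the xtables lock, as the ban/unban commands already do; without
  // it a start command fails at once if another tool holds the lock, and a
  // missing chain or jump leaves later bans unapplied to traffic.
  // -I without a rule number inserts at the head of the chain, so at insertion
  // time the jump is evaluated before any accept rule already present.
  start: [
    ['iptables', '-w', '-N', 'reaction'],
    ['iptables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction'],
    ['iptables', '-w', '-I', 'FORWARD', '-p', 'all', '-j', 'reaction'],
  ],
  // Run once at shutdown, in reverse: remove both jumps, then flush and delete
  // the chain. Every ban still in the chain is lifted from the firewall here.
  stop: [
    ['iptables', '-w', '-D', 'INPUT', '-p', 'all', '-j', 'reaction'],
    ['iptables', '-w', '-D', 'FORWARD', '-p', 'all', '-j', 'reaction'],
    ['iptables', '-w', '-F', 'reaction'],
    ['iptables', '-w', '-X', 'reaction'],
  ],
  streams: {
    ssh: {
      // -n0 starts at the end of the journal. Plain -f first prints the last
      // 10 entries, which would be matched again on every restart and could
      // trigger a ban on fewer than `retry` new failures.
      cmd: ['journalctl', '-n0', '-fu', 'ssh.service'],
      filters: {
        failedlogin: {
          // NOTE(review): these patterns are unanchored and use `.*` across
          // fields the remote side supplies, such as the user name. Check that
          // a crafted value cannot place a third-party address where <ip> is
          // captured, e.g. by requiring sshd's fixed ' port [0-9]+' suffix
          // after <ip> on the sshd-formatted lines.
          regex: [
            @'authentication failure;.*rhost=<ip>',
            @'Failed password for .* from <ip>',
            @'banner exchange: Connection from <ip> port [0-9]*: invalid format',
            @'Invalid user .* from <ip>',
          ],
          // 3 matches for the same <ip> within 6h trigger the actions.
          retry: 3,
          retryperiod: '6h',
          // DROP the source now; the rule is deleted again after 96h.
          actions: banFor('96h'),
        },
      },
    },
  },
}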