Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: How to protect your cccam server with fail2ban in 4 steps installation

  1. #1
    Super Moderator turbopower's Avatar
    Join Date
    02-07-2011
    Location
    Somewhere between the Streams
    Posts
    3,512
    Uploads
    112

    Lightbulb How to protect your cccam server with fail2ban in 4 steps installation

    Hello friends,

    If you server slow down or have high network load or high consummation on ram or cpu. You need to jail unwanted peers.
    After following modification my server stop to freeze.
    My system is Ubuntu server 11.10 32bit, cccam 2.1.3

    1. Prepare your system (all commands are started like normal user)

    Code:
    $ sudo apt-get update
    $ sudo apt-get upgrade
    $ sudo apt-get install fail2ban nano bsd-mailx
    $ sudo touch /var/log/cccam.log
    $ sudo chmod 755 /var/log/cccam.log
    Change cccam options in your cccam start up script to

    ./CCcam.x86 -d > /var/log/cccam.log &
    2. Configuration

    - run command:
    Code:
    $ sudo nano /etc/fail2ban/jail.conf
    - change
    Code:
    backend = auto
    to
    Code:
    backend = polling
    - after
    Code:
    # action, port, logpath, etc) in that section within jail.local
    add and change 1234 with your cccam port after save and close file.

    Code:
    [cccam_sign]
    
    enabled = true
    port = 1234
    filter = cccam_sign
    logpath = /var/log/cccam.log
    maxretry = 10
    bantime = 86400
    
    [cccam_double]
    
    enabled = true
    port = 1234
    filter = cccam_double
    logpath = /var/log/cccam.log
    maxretry = 10
    bantime = 3600
    
    [cccam_bad]
    
    enabled = true
    port = 1234
    protocol = tcp
    filter = cccam_bad
    logpath = /var/log/cccam.log
    maxretry = 10
    bantime = 1800
    
    [cccam_ill]
    
    enabled = true
    port = 1234
    filter = cccam_ill
    logpath = /var/log/cccam.log
    maxretry = 3
    bantime = 12000
    
    [cccam_fail]
    
    enabled = true
    filter = cccam_fail
    action = iptables-allports[name=cccam_fail2ban]
            sendmail-whois[name=cccam_fail2ban]
    logpath = /var/log/fail2ban.log
    findtime = 604800
    bantime = 604800
    - run command:

    Code:
    $ sudo nano /etc/fail2ban/filter.d/cccam_bad.conf
    - enter the following content after save and close file.

    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 510 $
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>\S+)
    # Values:  TEXT
    #
    failregex = CCcam: kick <HOST>.*, bad command
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    - run command:

    Code:
    $ sudo nano /etc/fail2ban/filter.d/cccam_double.conf
    - enter the following content after save and close file.
    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 510 $
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>\S+)
    # Values:  TEXT
    #
    failregex = CCcam: double login .*, \(previous <HOST>\), reject
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    - run command:

    Code:
    $ sudo nano /etc/fail2ban/filter.d/cccam_fail.conf
    - enter the following content after save and close file.
    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 510 $
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>\S+)
    # Values:  TEXT
    #
    failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    - run command:

    Code:
    $ sudo nano /etc/fail2ban/filter.d/cccam_ill.conf
    - enter the following content after save and close file.
    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 510 $
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>\S+)
    # Values:  TEXT
    #
    failregex = CCcam: illegal user .* from <HOST>
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    - run command:

    Code:
    $ sudo nano /etc/fail2ban/filter.d/cccam_sign.conf
    - enter the following content after save and close file.

    Code:
    # Fail2Ban configuration file
    #
    # Author: Cyril Jaquier
    #
    # $Revision: 510 $
    #
    
    [Definition]
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>\S+)
    # Values:  TEXT
    #
    failregex = CCcam: kick <HOST>, signature failed
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    3. Reboot the system.

    4. Login into system and make running checks.

    - run command:
    Code:
    $ tail -f /var/log/cccam.log
    If you see displayed content so that mean cccam log working well.

    - run command:
    Code:
    $ tail -f /var/log/fail2ban.log
    That will display banned ip addresses from fail2ban if you have any unneeded peers.

    That is all friends.

    Enjoy

  2. #2
    New Member
    Join Date
    01-07-2012
    Posts
    3
    Uploads
    0

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    tutorial for E2 server box?

  3. #3
    Junior Member
    Join Date
    17-05-2012
    Posts
    9
    Uploads
    0

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    put it into /etc/rc.local with correct path
    reboot server and look if CCcam.x86 is active

  4. #4
    Junior Member
    Join Date
    17-05-2012
    Posts
    9
    Uploads
    0

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    put it like this:
    /emu/ccam/CCcam.x86 -d > /var/log/cccam.log &
    save and reboot



    Quote Originally Posted by coopdog View Post
    my cccam is in /emu/cccam , so i enter in rc.local,,,,,, /emu/ccam ./CCcam.x86 -d > /var/log/cccam.log & ,,,,,, could you please conferrm this. thx, sorry for been a n00b.

  5. #5
    Junior Member
    Join Date
    22-09-2013
    Posts
    15
    Uploads
    0

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    Thanks for this great tut.

    My server is showing the Live Log when I use the command below:
    Code:
    tail -f /var/log/cccam.log
    But when I use the command to see banned IP`s, it shows banned Ip`s and a warning which I dont know what that is:

    Code:
    fail2ban.filter : INFO   Log rotation detected for /var/log/auth.log
    Should I be worried about this message? does this mean the process has encountered a problem?

    Thnx in advance.

  6. #6
    Super Moderator turbopower's Avatar
    Join Date
    02-07-2011
    Location
    Somewhere between the Streams
    Posts
    3,512
    Uploads
    112

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    This message is related to log rotation notification when fail2ban log is rotated. Don't worry about it, debug level about this message is INFO if you have the real problem should be FAIL.

  7. #7
    Junior Member
    Join Date
    22-09-2013
    Posts
    15
    Uploads
    0

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    Very nice,

    Two more questions:

    -How can we unban or ban Ip`s manually?
    -How can we understand and edit time of banishment?

  8. #8
    Super Moderator turbopower's Avatar
    Join Date
    02-07-2011
    Location
    Somewhere between the Streams
    Posts
    3,512
    Uploads
    112

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    I will give you the answers litle bit later. In meanwhile please read fail2ban documentation this will answer you on most of the questions.

  9. #9
    Junior Member
    Join Date
    22-09-2013
    Posts
    15
    Uploads
    0

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    Thanks,

    I did search f2b documentation, couldnt find anything useful.

    I know is my incompetence.

  10. #10
    Super Moderator turbopower's Avatar
    Join Date
    02-07-2011
    Location
    Somewhere between the Streams
    Posts
    3,512
    Uploads
    112

    Re: How to protect your cccam server with fail2ban in 4 steps installation

    Check banned with iptables -L
    Delete entry with iptables -D "name-of-the-rule" "entry_number"
    Examples:
    name-of-the-rule =
    cccam_bad
    entry_number = 2

    For ban amount play with this value


    bantime = (in msec)

Page 1 of 2 12 LastLast

Similar Threads

  1. Installation addon cccam info
    By astigmat2000 in forum French / Français
    Replies: 9
    Last Post: 15-02-2011, 00:10:28
  2. Question installation CCcam 2.2.1 sous ubuntu 10.04?
    By d3.lim in forum French / Français
    Replies: 4
    Last Post: 24-12-2010, 13:25:40
  3. Info Sur Dm800, installation de CCCam 2.1.4
    By gsjm in forum French / Français
    Replies: 3
    Last Post: 09-03-2010, 11:16:53
  4. CCCam 2.1.3 installation
    By tumbe in forum Introductions
    Replies: 0
    Last Post: 31-01-2010, 16:35:28
  5. installation d'1 server CCcam
    By Pitoufo in forum French / Français
    Replies: 1
    Last Post: 22-03-2009, 21:41:52

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •