{"id":5875,"date":"2021-09-05T08:46:51","date_gmt":"2021-09-05T07:46:51","guid":{"rendered":"https:\/\/olivier.hoarau.org\/?p=5875"},"modified":"2021-09-05T08:46:51","modified_gmt":"2021-09-05T07:46:51","slug":"filtrer-les-adresses-ip-menacantes","status":"publish","type":"post","link":"https:\/\/olivier.hoarau.org\/?p=5875","title":{"rendered":"Filtering threatening IP addresses"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">To secure my server even further, I have set up filtering of potentially threatening IP addresses. Some sites such as <a href=\"https:\/\/www.abuseipdb.com\/\">abuseipdb<\/a> or <a href=\"https:\/\/www.spamhaus.org\/\">spamhaus<\/a> collect and maintain such lists; you just have to retrieve them and have your favourite firewall take them into account. For my part I use <a href=\"https:\/\/doc.ubuntu-fr.org\/shorewall\">shorewall<\/a> as my firewall, and I based my setup on <a href=\"https:\/\/wiki.mageia.org\/en\/Firewall\">this page<\/a> of the Mageia wiki (in English).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You will need the <a href=\"https:\/\/ipset.netfilter.org\/\">IPset<\/a> tool, which manages lists of IP addresses (among other things). Everything else, and the details of this installation, can be found on <a href=\"https:\/\/www.funix.org\/fr\/linux\/index.php?ref=intrusions#filtrer-vilains\">this page<\/a> of <a href=\"https:\/\/www.funix.org\">funix.org<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the same vein there is also <a href=\"https:\/\/doc.ubuntu-fr.org\/fail2ban\">fail2ban<\/a>, which works a little differently. 
It analyses the logs of the services running on your server, such as <a href=\"https:\/\/www.funix.org\/fr\/linux\/index.php?ref=openssh2\">SSH<\/a>, <a href=\"https:\/\/www.funix.org\/fr\/linux\/index.php?ref=apache2\">Apache<\/a> or <a href=\"https:\/\/www.funix.org\/fr\/linux\/index.php?ref=openvpn\">OpenVPN<\/a>, identifies failed connection attempts and bans the offender&rsquo;s IP address through the firewall. However, I am running into some configuration problems and it does not seem to be fully working; I am still looking into it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To secure my server even further, I have set up filtering of potentially threatening IP addresses. Some sites such as abuseipdb or spamhaus collect and maintain such lists; you just have to retrieve them and have your favourite firewall take them into account. 
For my part I use shorewall as &hellip; <a href=\"https:\/\/olivier.hoarau.org\/?p=5875\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Filtering threatening IP addresses<\/span>  <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false,"_share_on_mastodon":"0"},"categories":[5,12],"tags":[],"class_list":["post-5875","post","type-post","status-publish","format-standard","hentry","category-logiciels-libres","category-vie-de-funix"],"share_on_mastodon":{"url":"","error":""},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/peOjJ-1wL","jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=\/wp\/v2\/posts\/5875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5875"}],"version-history":[{"count":1,"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=\/wp\/v2\/posts\/5875\/revisions"}],"predecessor-version":[{"id":5876,"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=\/wp\/v2\/posts\/5875\/revisions\/5876"}],"wp:attachment":[{"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=
%2Fwp%2Fv2%2Fmedia&parent=5875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/olivier.hoarau.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}