|
|
Ligne 507 : |
Ligne 507 : |
| <pre>/etc/init.d/smartmontools restart</pre> | | <pre>/etc/init.d/smartmontools restart</pre> |
|
| |
|
| =Protéger votre proxmox= | | =Protégez votre proxmox= |
|
| |
|
| ==Eviter les reboots accidentels avec molly-gard== | | ==Eviter les reboots accidentels avec molly-gard== |
| <pre>aptitude install molly-guard</pre> | | <pre>apt install molly-guard</pre> |
|
| |
|
| ==sshguard== | | ==sshguard== |
Ligne 517 : |
Ligne 517 : |
|
| |
|
| ==firewall iptables== | | ==firewall iptables== |
|
| |
| Voici un petit script pour bloquer l'accès ssh, ftp et proxmox aux ips non française
| |
|
| |
| Attention, ce script doit être lancé APRÈS sshguard, sinon sshguard ne sera plus efficace
| |
|
| |
| <pre>
| |
| #! /bin/bash
| |
|
| |
| trusted_ipv6="blocipv6_1 blocipv6_2"
| |
| db=fr.zone
| |
| wget http://www.ipdeny.com/ipblocks/data/countries/fr.zone
| |
| trusted=$(egrep -v "^#|^$" $db)
| |
| rm $db
| |
|
| |
| echo "clearing iptables"
| |
| /sbin/iptables -t filter -D INPUT -p tcp -i vmbr0 -m multiport --dports 21,22,8006 -j firewall
| |
| /sbin/iptables -F firewall
| |
| /sbin/iptables -X firewall
| |
|
| |
| echo "adding rules to iptables"
| |
| /sbin/iptables -t filter -N firewall
| |
| /sbin/iptables -t filter -A INPUT -p tcp -i vmbr0 -m multiport --dports 21,22,8006 -j firewall
| |
|
| |
| for ipblock in $trusted; do
| |
| /sbin/iptables -t filter -A firewall -s $ipblock -j ACCEPT
| |
| done
| |
| /sbin/iptables -t filter -A firewall -j DROP
| |
|
| |
| echo "clearing ip6tables"
| |
| /sbin/ip6tables -t filter -D INPUT -p tcp -i vmbr0 -m multiport --dports 21,22,8006 -j firewall
| |
| /sbin/ip6tables -F firewall
| |
| /sbin/ip6tables -X firewall
| |
|
| |
| echo "adding rules to ip6tables"
| |
| /sbin/ip6tables -t filter -N firewall
| |
| /sbin/ip6tables -t filter -A INPUT -p tcp -i vmbr0 -m multiport --dports 21,22,8006 -j firewall
| |
|
| |
| for ipv6 in $trusted_ipv6; do
| |
| /sbin/ip6tables -t filter -A firewall -s $ipv6 -j ACCEPT
| |
| done
| |
| /sbin/ip6tables -t filter -A firewall -j DROP
| |
| </pre>
| |
|
| |
|
| =VMs= | | =VMs= |
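Review bot: The script in the `Ligne 517` hunk (assuming it is on the new side, since the rendering has lost the +/- markers) flushes and rebuilds the `firewall` chain without checking that `wget` succeeded. If the download fails or returns an empty file, `$trusted` is empty and the chain contains only `-j DROP`, which closes ports 21, 22 and 8006 on `vmbr0` to everyone, the administrator included. The list is also fetched over plain HTTP into the current directory with no integrity check, so anyone able to alter the response controls the allowlist. Download to a `mktemp` file, exit before touching iptables when the fetch fails or the list is empty, and quote `"$db"`, `"$ipblock"` and `"$ipv6"`. The text should also say that `trusted_ipv6="blocipv6_1 blocipv6_2"` is a placeholder to replace, because as written the ip6tables loop fails on both values and all IPv6 traffic to those ports is dropped.

```shell
db=$(mktemp) || exit 1
trap 'rm -f -- "$db"' EXIT
# https is assumed to be offered by the list provider; confirm before relying on it
if ! wget -q -O "$db" https://www.ipdeny.com/ipblocks/data/countries/fr.zone; then
  echo "download of fr.zone failed, leaving iptables untouched" >&2
  exit 1
fi
trusted=$(grep -Ev '^#|^$' "$db")
if [[ -z "$trusted" ]]; then
  echo "fr.zone is empty, leaving iptables untouched" >&2
  exit 1
fi
# … unchanged: clearing and rebuilding the firewall chains …
```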