Category archive: Raspberry Pi

How to block malicious connections

https://chatgpt.com/share/684e364e-dd08-8002-b363-a3582babee48

https://chatgpt.com/share/684e630f-998c-8002-849b-fcb31d1eec86

sudo apt install fail2ban # Debian/Ubuntu
sudo systemctl enable --now fail2ban

Add a jail

/etc/fail2ban/jail.local

[DEFAULT]
# Ban time, detection window, failure count

bantime = 1h ; ban for 1 hour (values such as 86400 or 1d are also accepted)
findtime = 10m ; within 10 minutes
maxretry = 5 ; ban after 5 failures
ignoreip = 127.0.0.1/8 192.0.2.10 ; whitelist (e.g. your own static IP)

# Enable the default sshd filter
[sshd]
enabled = true
port = ssh ; or custom ports such as 22,2222
logpath = %(sshd_log)s ; Debian=/var/log/auth.log, RHEL=/var/log/secure
backend = systemd ; can be enabled when the system logs to the systemd journal

[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/apache2/access.log
maxretry = 1
bantime = 86400 ; ban for 1 day

sudo systemctl restart fail2ban


View the overall status
sudo fail2ban-client status

View the details of the sshd jail
sudo fail2ban-client status sshd

Global whitelist (applies to every jail)
[DEFAULT]
ignoreip = 127.0.0.1/8 192.0.2.10 203.0.113.0/24 2001:db8::/32



Write a custom filter that fits your log format
Create /etc/fail2ban/filter.d/apache-custombots.conf and add:
[Definition]
failregex = ^<HOST> .*"(GET|POST|HEAD).*\.env.*HTTP.*" [45]\d{2} .+ ".*"
            ^<HOST> .*"(GET|POST|HEAD).*\.git.*HTTP.*" [45]\d{2} .+ ".*"
            ^<HOST> .*"(GET|POST|HEAD).*" [45]\d{2} .+ ".*ZmEu.*
            ^<HOST> .*"(GET|POST|HEAD).*" [45]\d{2} .+ ".*Hello World.*
            ^<HOST> .*"(GET|POST|HEAD).*" [45]\d{2} .+ ".*Keydrop.*

ignoreregex =

Then add the following to jail.local:
[apache-custombots]
enabled = true
port = http,https
logpath = /var/log/apache2/access.log
filter = apache-custombots
maxretry = 1
findtime = 600
bantime = 1h

Then reload:
sudo fail2ban-client reload
sudo fail2ban-client status apache-custombots
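
Because this jail bans on a single hit (maxretry = 1), it is worth checking what the filter does and does not match before enabling it. The Python below is an added example, not part of the original post or of fail2ban: it writes the apache-custombots patterns out with fail2ban's <HOST> tag, replaces that tag with a simplified stand-in (an assumption), and runs them over constructed log lines; banned_host and SAMPLE_LOG are names chosen here.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IP literals only;
# the real tag also accepts hostnames and bracketed IPv6).
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"

# failregex lines of apache-custombots.conf, with the <HOST> tag spelled out
FAILREGEX = [
    r'^<HOST> .*"(GET|POST|HEAD).*\.env.*HTTP.*" [45]\d{2} .+ ".*"',
    r'^<HOST> .*"(GET|POST|HEAD).*\.git.*HTTP.*" [45]\d{2} .+ ".*"',
    r'^<HOST> .*"(GET|POST|HEAD).*" [45]\d{2} .+ ".*ZmEu.*',
    r'^<HOST> .*"(GET|POST|HEAD).*" [45]\d{2} .+ ".*Hello World.*',
    r'^<HOST> .*"(GET|POST|HEAD).*" [45]\d{2} .+ ".*Keydrop.*',
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]


def banned_host(line):
    """Return the client address the filter would report, or None if no match."""
    for pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            return m.group("host")
    return None


# Constructed Apache combined-format lines; addresses are documentation ranges.
TS = "[15/Jun/2025:10:00:00 +0800]"
SAMPLE_LOG = {
    "env_probe_404": f'198.51.100.7 - - {TS} "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    "git_probe_403": f'198.51.100.7 - - {TS} "GET /.git/config HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    "zmeu_agent_404": f'203.0.113.50 - - {TS} "GET /test.php HTTP/1.1" 404 196 "-" "ZmEu"',
    "normal_page_200": f'203.0.113.9 - - {TS} "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Not matched: the filter only looks at 4xx/5xx, so a served /.env goes unnoticed
    "env_served_200": f'198.51.100.23 - - {TS} "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Matched: \.env also hits ".environment", so one honest 404 bans with maxretry = 1
    "false_positive_404": f'203.0.113.77 - - {TS} "GET /docs/config.environment.html HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
}

if __name__ == "__main__":
    for name, line in SAMPLE_LOG.items():
        print(f"{name:20} -> {banned_host(line)}")
```

On a host with fail2ban installed, fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-custombots.conf runs the real filter against the real log and reports the matched lines.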



Inspect the iptables rules
sudo iptables -L

Install ZeroTier on Raspberry Pi

https://snapcraft.io/install/zerotier/raspbian

How to obtain a new address
https://zerotier.atlassian.net/wiki/spaces/SD/pages/327693/How+to+Clear+Reset+your+ZeroTier+Address

If you would like to clear or reset ZeroTier’s address on a device (the 10-digit address node ID) or you have cloned a device and you want to prevent it from using the same address, follow these instructions:

  1. Stop the service.
    1. On Windows this is done with the service manager. (Open the Start Menu and start typing “service”)
    2. On Mac you can open a terminal and use: sudo launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist
    3. On Linux this is usually: sudo systemctl stop zerotier-one or sudo service zerotier-one stop
  2. Delete the files identity.public and identity.secret from ZeroTier’s working directory.
    1. On Windows this is usually "\ProgramData\ZeroTier\One".
    2. On Mac this is "/Library/Application Support/ZeroTier/One".
      1. In your terminal, type open "/Library/Application Support/ZeroTier/One" to open the folder in Finder.
    3. On Linux this is usually "/var/lib/zerotier-one".
  3. Restart the service
    1. On Windows, start it via the service manager.
    2. On Mac: sudo launchctl load /Library/LaunchDaemons/com.zerotier.one.plist
    3. On Linux: sudo systemctl start zerotier-one or sudo service zerotier-one start

When started without identities ZeroTier will generate new ones.

You will need to authorize this new identity on any networks.