{"id":75,"date":"2015-10-22T20:33:21","date_gmt":"2015-10-22T19:33:21","guid":{"rendered":"http:\/\/blog.vincentcharles.ovh\/?p=75"},"modified":"2018-03-15T11:09:33","modified_gmt":"2018-03-15T10:09:33","slug":"mise-a-jour-iptables-fail2ban","status":"publish","type":"post","link":"https:\/\/blog.vincentcharles.ovh\/index.php\/2015\/10\/22\/mise-a-jour-iptables-fail2ban\/","title":{"rendered":"Updating iptables &#038; fail2ban"},"content":{"rendered":"<p>Great: once you start writing tutorials about network security, one problem always comes up: escalation. You always want more security. In a previous tutorial, I covered using <em>iptables<\/em> (the frontend to <em>netfilter<\/em> &#8211; the Linux firewall) and fail2ban.<\/p>\n<p>Except that it is not that easy. The latest version of <em>iptables<\/em> available on most Linux distributions is not up to date, which prevents using the latest version of fail2ban.<\/p>\n<p>Indeed, <em>fail2ban<\/em> (version 0.9.3) uses the -w option of <em>iptables<\/em>, which has only been present since version 1.4.20 of the latter. 
So here is how to go about it.<\/p>\n<h1>Updating iptables<\/h1>\n<p>Download the <em>iptables<\/em> sources:<\/p>\n<figure class=\"pc-legacy\"><pre><code class=\"language-bash\">wget http:\/\/netfilter.org\/projects\/iptables\/files\/iptables-1.4.21.tar.bz2<\/code><\/pre><\/figure>\n<p>Next, extract, configure and compile (gcc, libc, libc-devel &amp; make must of course be properly installed on the system):<\/p>\n<figure class=\"pc-legacy\"><pre><code class=\"language-bash\">tar -jxvf iptables-1.4.21.tar.bz2\ncd iptables-1.4.21\n.\/configure --prefix=\/usr --sbindir=\/sbin --enable-libipq --with-xtlibdir=\/lib\/xtables\nmake<\/code><\/pre><\/figure>\n<p>Now switch to the administrator account (<em>root<\/em>):<\/p>\n<figure class=\"pc-legacy\"><pre><code class=\"language-bash\">make install &amp;&amp;\nln -sfv ..\/..\/sbin\/xtables-multi \/usr\/bin\/iptables-xml &amp;&amp;\n\n# Move the shared libraries to \/lib and leave symlinks in \/usr\/lib\nfor file in ip4tc ip6tc ipq iptc xtables\ndo\n  mv -v \/usr\/lib\/lib${file}.so.* \/lib &amp;&amp;\n  ln -sfv ..\/..\/lib\/$(readlink \/usr\/lib\/lib${file}.so) \/usr\/lib\/lib${file}.so\ndone<\/code><\/pre><\/figure>\n<p>Now that <em>iptables<\/em> is installed, you can use your existing <em>\/etc\/init.d\/iptables<\/em> &#8230; scripts to start it.<\/p>\n<h1>Updating Fail2ban<\/h1>\n<p>Download and extract the sources, then install:<\/p>\n<figure class=\"pc-legacy\"><pre><code class=\"language-bash\">wget https:\/\/github.com\/fail2ban\/fail2ban\/archive\/0.9.3.tar.gz\ntar -zxvf 0.9.3.tar.gz\n# The GitHub archive extracts to fail2ban-0.9.3\/\ncd fail2ban-0.9.3\/\npython setup.py install<\/code><\/pre><\/figure>\n<p>Now just copy the init script:<\/p>\n<figure class=\"pc-legacy\"><pre><code class=\"language-bash\">cp files\/debian-initd \/etc\/init.d\/fail2ban\nchmod +x \/etc\/init.d\/fail2ban\n# For Gentoo: gentoo-initd ...<\/code><\/pre><\/figure>\n<p>Great, our 
<em>iptables<\/em> is up to date, and so is our <em>fail2ban<\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Great: once you start writing tutorials about network security, one problem always comes up: escalation. You always want more security. In a previous tutorial, I covered using iptables (the frontend to netfilter &#8211; the Linux firewall) and fail2ban. Except that it is not that easy. The latest&#8230;<\/p>\n","protected":false},"author":1,"featured_media":74,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,25,2],"tags":[16],"class_list":["post-75","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorial_linux","category-tutorial_server","category-tutorial","tag-niveau_facile"],"_links":{"self":[{"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/posts\/75","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/comments?post=75"}],"version-history":[{"count":3,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/posts\/75\/revisions"}],"predecessor-version":[{"id":204,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/posts\/75\/revisions\/204"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/media\/74"}],"wp:attachment":[{"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/medi
a?parent=75"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/categories?post=75"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.vincentcharles.ovh\/index.php\/wp-json\/wp\/v2\/tags?post=75"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}