{"id":248033,"date":"2015-01-16T18:06:03","date_gmt":"2015-01-16T14:06:03","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=248033"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=248033","title":{"rendered":"<span class=\"post_title\">Permanently banning attackers with Fail2Ban + MikroTik<\/span>"},"content":{"rendered":"<div class=\"content html_format\"> \t\t\tA few days ago I installed Asterisk, loaded my old configuration with call routing, and intended to connect to a local SIP provider. 
Literally a few minutes after starting Asterisk I found authorization attempts against the server in the logs, which did not surprise me in the least, since this is what you see on any Asterisk that faces the Internet. 
A firm decision was made to play around with my beloved MikroTik and my no less beloved Python, and to figure out what to do about these attackers.<\/p>\n<p>  So, we have:  <\/p>\n<ul>\n<li> Ubuntu Server 14.04 (I don't think it matters; it should work on other distributions)<\/li>\n<li> <a href=\"http:\/\/www.fail2ban.org\/\">Fail2Ban<\/a><\/li>\n<li> MySQL<\/li>\n<li> <a href=\"http:\/\/asterisk.org\/\">Asterisk<\/a> (or any other service that needs protecting from brute-force attacks)<\/li>\n<li> A <a href=\"http:\/\/routerboard.com\/\">MikroTik<\/a> router<\/li>\n<li> Hands<\/li>\n<li> A desire to reinvent the wheel<\/li>\n<\/ul>\n<p>  After reading a couple of articles (<a href=\"http:\/\/habrahabr.ru\/post\/194356\/\">one<\/a>, <a href=\"http:\/\/joshaven.com\/resources\/tricks\/mikrotik-automatically-updated-address-list\/\">two<\/a>), the following concept was born:  <\/p>\n<ol>\n<li> ban the attacker for a set time with Fail2Ban and add a record with their IP address to a MySQL database<\/li>\n<li> after a set number of issued bans, add the IP address to the blocked list on the router<\/li>\n<\/ol>\n<p>  <a name=\"habracut\"><\/a><br \/>  Now on to implementing the solution.<br \/>  1. 
Create a database\/table that will hold the following information: IP address, country code, country name, number of issued bans, attack type\/service (the jail name from the Fail2Ban configuration), last attempt and first attempt (with an eye to the future; I may use this data in some other way later).<\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">Schema<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"sql\">CREATE DATABASE fail2ban CHARACTER SET utf8;\nUSE fail2ban;\n\nCREATE TABLE `ban_history` (\n  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n  `ip_address` char(15) NOT NULL DEFAULT '',\n  `country_code` varchar(5) DEFAULT NULL,\n  `country_name` varchar(30) DEFAULT NULL,\n  `count` int(11) NOT NULL,\n  `type` varchar(30) DEFAULT NULL,\n  `last_attempt` datetime NOT NULL,\n  `first_attempt` datetime NOT NULL,\n  PRIMARY KEY (`id`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8;\n<\/code><\/pre>\n<p>  <\/div>\n<\/div>\n<p>  2. Create a script for adding records to the database. The script is written in Python and needs the following additional modules: <a href=\"https:\/\/pypi.python.org\/pypi\/pygeoip\/\">pygeoip<\/a> and <a href=\"https:\/\/pypi.python.org\/pypi\/MySQL-python\/\">MySQL-python<\/a>. Both modules are easily installed with the pip package manager:<\/p>\n<pre><code class=\"bash\">pip install pygeoip MySQL-python\n<\/code><\/pre>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">Script<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"python\">#!\/usr\/bin\/env python2\n# -*- coding: utf-8 -*-\n\nimport os\nimport urllib\nimport gzip\nimport StringIO\nimport logging\nimport logging.handlers\nimport MySQLdb\nimport MySQLdb.cursors\nimport ConfigParser\nimport pygeoip\nfrom datetime import datetime\nfrom sys import exit\nfrom optparse import OptionParser\n\n\ndef main(config, logger, ip_addr, attack_type, GEOIP_DAT):\n\t# Refresh the GeoLite country database used for the country lookup\n\turl = urllib.urlopen('http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCountry\/GeoIP.dat.gz')\n\turl_f = StringIO.StringIO(url.read())\n\thandle = gzip.GzipFile(fileobj=url_f)\n\twith open(GEOIP_DAT, 'wb') as out:\n\t\tfor line in handle:\n\t\t\tout.write(line)\n\n\tif config.has_option('general', 'mysql_ip') and config.has_option('general', 'mysql_user') and config.has_option('general', 'mysql_password') and config.has_option('general', 'mysql_db'):\n\t\ttry:\n\t\t\tlogger.info(&quot;Connecting to MySQL host: %s&quot; % config.get('general', 'mysql_ip'))\n\t\t\tdb = MySQLdb.connect(\n\t\t\t\thost=config.get('general', 'mysql_ip'),\n\t\t\t\tuser=config.get('general', 'mysql_user'),\n\t\t\t\tpasswd=config.get('general', 'mysql_password'),\n\t\t\t\tdb=config.get('general', 'mysql_db'),\n\t\t\t\tcursorclass=MySQLdb.cursors.DictCursor\n\t\t\t)\n\n\t\t\tcursor = db.cursor()\n\t\t\tlogger.debug(&quot;Connected&quot;)\n\t\texcept MySQLdb.Error, e:\n\t\t\tlogger.error(&quot;Error %d: %s&quot; % (e.args[0], e.args[1]))\n\t\t\texit(2)\n\t\telse:\n\t\t\t# Values are passed as query parameters, never formatted into the SQL text\n\t\t\tquery = &quot;&quot;&quot;select * from ban_history where ip_address=%s and type=%s&quot;&quot;&quot;\n\t\t\trun_query(cursor, query, (ip_addr, attack_type), logger)\n\t\t\tresult = cursor.fetchall()\n\t\t\tnow = datetime.now()\n\t\t\tgi = pygeoip.GeoIP(GEOIP_DAT, flags=pygeoip.const.MEMORY_CACHE)\n\t\t\tcountry_code = gi.country_code_by_addr(ip_addr)\n\t\t\tcountry_name = gi.country_name_by_addr(ip_addr)\n\t\t\tif len(result) &gt; 0:\n\t\t\t\t# Known address for this jail: bump the ban counter\n\t\t\t\tlogger.info(&quot;Updating blacklist DB record for IP-address %s&quot; % ip_addr)\n\t\t\t\tresult = result[0]\n\t\t\t\tcount = result['count'] + 1\n\t\t\t\tquery = &quot;&quot;&quot;update ban_history set count=%s, last_attempt=%s, country_code=%s, country_name=%s where id=%s&quot;&quot;&quot;\n\t\t\t\trun_query(cursor, query, (count, now, country_code, country_name, result['id']), logger)\n\t\t\t\tdb.commit()\n\t\t\telse:\n\t\t\t\t# First ban for this address and jail\n\t\t\t\tlogger.info(&quot;Adding IP-address %s into blacklist DB&quot; % ip_addr)\n\t\t\t\tcount = 1\n\t\t\t\tquery = &quot;&quot;&quot;insert into ban_history (ip_address, country_code, country_name, count, type, last_attempt, first_attempt) values(%s, %s, %s, %s, %s, %s, %s)&quot;&quot;&quot;\n\t\t\t\trun_query(cursor, query, (ip_addr, country_code, country_name, count, attack_type, now, now), logger)\n\t\t\t\tdb.commit()\n\n\telse:\n\t\tlogger.error(&quot;Configuration incomplete&quot;)\n\t\texit(3)\n\n\ndef run_query(cursor, query, params, logger):\n\t# Execute a parameterized query; the driver escapes the values in params\n\ttry:\n\t\tlogger.debug(&quot;Running query \\'%s\\' with parameters %r&quot; % (query, params))\n\t\tcursor.execute(query, params)\n\texcept MySQLdb.Error, e:\n\t\tlogger.error(&quot;Error %d: %s&quot; % (e.args[0], e.args[1]))\n\t\texit(2)\n\telse:\n\t\treturn True\n\n\nif __name__ == '__main__':\n\ttry:\n\t\tROOT_PATH = os.path.dirname(os.path.realpath(__file__))\n\t\tGEOIP_DAT = os.path.join(ROOT_PATH, 'GeoIP.dat')\n\t\tparser = OptionParser(usage=&quot;usage: %prog [-c &lt;configuration_file&gt;] [-v] --ip IP-ADDRESS --type TYPE&quot;)\n\t\tparser.add_option(&quot;-v&quot;, &quot;--verbose&quot;,\n\t\t\taction=&quot;store_true&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;verbose&quot;,\n\t\t\thelp=&quot;Verbose output&quot;)\n\t\tparser.add_option(&quot;-c&quot;, &quot;--config&quot;,\n\t\t\taction=&quot;store&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;cfg_file&quot;,\n\t\t\thelp=&quot;Full path to configuration file&quot;)\n\t\tparser.add_option(&quot;--ip&quot;,\n\t\t\taction=&quot;store&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;ip_addr&quot;,\n\t\t\thelp=&quot;Attacker IP address&quot;)\n\t\tparser.add_option(&quot;--type&quot;,\n\t\t\taction=&quot;store&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;attack_type&quot;,\n\t\t\thelp=&quot;Type of attack (service)&quot;)\n\n\t\t(options, args) = parser.parse_args()\n\t\tverbose = options.verbose\n\n\t\tip_addr = options.ip_addr\n\t\tattack_type = options.attack_type\n\n\t\t# Reading configuration file\n\t\tcfg_file = options.cfg_file\n\t\tif not cfg_file:\n\t\t\tcfg_file = os.path.join(ROOT_PATH, 'blacklist_db.cfg')\n\t\tconfig = ConfigParser.RawConfigParser()\n\t\tconfig.read(cfg_file)\n\n\t\t# Logging\n\t\tif config.get('general', 'log_file'):\n\t\t\tLOGFILE = config.get('general', 'log_file')\n\t\telse:\n\t\t\tLOGFILE = '\/tmp\/blacklist_db.log'\n\n\t\tFORMAT = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt='%Y-%m-%d %H:%M:%S')\n\t\ttry:\n\t\t\trotatetime = logging.handlers.TimedRotatingFileHandler(LOGFILE, when=&quot;midnight&quot;, interval=1, backupCount=14)\n\t\texcept IOError, e:\n\t\t\tprint &quot;ERROR %s: Can not open log file - %s&quot;  % (e[0], e[1])\n\t\t\texit(1)\n\t\texcept Exception, e:\n\t\t\tprint &quot;Can not configure logger - %s&quot;  % e\n\t\t\texit(1)\n\n\t\tformatter = logging.Formatter('%(asctime)s: %(message)s','%y-%m-%d %H:%M:%S')\n\n\t\trotatetime.setFormatter(FORMAT)\n\t\tlogger = logging.getLogger('BLACKLIST-DB')\n\t\tlogger.addHandler(rotatetime)\n\n\t\tif verbose:\n\t\t\tlvl = logging.DEBUG\n\t\t\tconsole = logging.StreamHandler()\n\t\t\tformatter = logging.Formatter('%(asctime)s: %(message)s','%y-%m-%d %H:%M:%S')\n\t\t\tconsole.setFormatter(formatter)\n\t\t\tlogger.addHandler(console)\n\t\telse:\n\t\t\tlvl = logging.INFO\n\n\t\tlogger.setLevel(lvl)\n\n\t\tif ip_addr and attack_type:\n\t\t\tmain(config, logger, ip_addr, attack_type, GEOIP_DAT)\n\t\telse:\n\t\t\tlogger.error(&quot;IP address and attack type are needed but not specified&quot;)\n\t\t\texit(1)\n\n\texcept (KeyboardInterrupt):\n\t\tlogger.info(&quot;CTRL-C... exit&quot;)\n\t\texit(0)\n\n\texcept (SystemExit):\n\t\tlogger.info(&quot;Exit&quot;)\n\t\texit(0)\n<\/code><\/pre>\n<p>  <\/div>\n<\/div>\n<p>  The script takes the database connection settings from a configuration file, which by default it looks for in its own directory; the path can also be set with the &quot;-c&quot; option.<\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">Example configuration file<\/b><\/p>\n<div class=\"spoiler_text\">[general]<br \/>  log_file = \/var\/log\/blacklist_db.log<br \/>  mysql_ip = localhost<br \/>  mysql_user = db_user<br \/>  mysql_password = db_pass<br \/>  mysql_db = fail2ban<\/p>\n<p>  # Number of bans after which we add the IP address to the blacklist, default 10<br \/>  #ban_count = 10  <\/div>\n<\/div>\n<p>  The key point is that the script is executed together with adding the rules to iptables, so I edited the following files:  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\/etc\/fail2ban\/action.d\/iptables-allports.conf<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"bash\"># Original version\nactionban = iptables -I fail2ban-&lt;name&gt; 1 -s &lt;ip&gt; -j &lt;blocktype&gt;\n\n# Modified version\nactionban = iptables -I fail2ban-&lt;name&gt; 1 -s &lt;ip&gt; -j &lt;blocktype&gt;\n            \/path\/to\/script -v --ip &lt;ip&gt; --type &lt;name&gt;\n<\/code><\/pre>\n<p>  <\/div>\n<\/div>\n<p>  <\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">\/etc\/fail2ban\/action.d\/iptables-multiport.conf<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"bash\"># Original version\nactionban = iptables -I fail2ban-&lt;name&gt; 1 -s &lt;ip&gt; -j &lt;blocktype&gt;\n\n# Modified version\nactionban = iptables -I fail2ban-&lt;name&gt; 1 -s &lt;ip&gt; -j &lt;blocktype&gt;\n            \/path\/to\/script -v --ip &lt;ip&gt; --type &lt;name&gt;\n<\/code><\/pre>\n<p>  <\/div>\n<\/div>\n<p>  <\/p>\n<div class=\"spoiler\"><b 
class=\"spoiler_title\">\/etc\/fail2ban\/action.d\/iptables-new.conf<\/b><\/p>\n<div class=\"spoiler_text\"> (I'm not sure what this action is used for; I made the changes to be on the safe side)  <\/p>\n<pre><code class=\"bash\"># Original version\nactionban = iptables -I fail2ban-&lt;name&gt; 1 -s &lt;ip&gt; -j &lt;blocktype&gt;\n\n# Modified version\nactionban = iptables -I fail2ban-&lt;name&gt; 1 -s &lt;ip&gt; -j &lt;blocktype&gt;\n            \/path\/to\/script -v --ip &lt;ip&gt; --type &lt;name&gt;\n<\/code><\/pre>\n<p>  <\/div>\n<\/div>\n<p>  This way, once the corresponding rules have been added to iptables, our script runs and adds or updates the data in the database.<\/p>\n<p>  3. 
Create a script that generates the blacklists which will later be imported into our MikroTik. The script uses the same configuration file to get the settings needed to connect to the database and likewise looks for it in its own root directory; again, the path can be set with the &quot;-c&quot; option. 
The output is a script\/address list for import into the MikroTik, again written to that same directory; an alternative path can be specified with the &quot;-o&quot; option.<\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">Script<\/b><\/p>\n<div class=\"spoiler_text\">\n<pre><code class=\"python\">#!\/usr\/bin\/env python2\n# -*- coding: utf-8 -*-\n\nimport os\nimport logging\nimport logging.handlers\nimport MySQLdb\nimport MySQLdb.cursors\nimport ConfigParser\nfrom sys import exit\nfrom optparse import OptionParser\n\n\ndef main(config, logger, output):\n\t# Number of bans after which an address goes into the router blacklist\n\tif config.has_option('general', 'ban_count'):\n\t\tban_count = config.getint('general', 'ban_count')\n\telse:\n\t\tban_count = 10\n\n\tif config.has_option('general', 'mysql_ip') and config.has_option('general', 'mysql_user') and config.has_option('general', 'mysql_password') and config.has_option('general', 'mysql_db'):\n\t\ttry:\n\t\t\tlogger.info(&quot;Connecting to MySQL host: %s&quot; % config.get('general', 'mysql_ip'))\n\t\t\tdb = MySQLdb.connect(\n\t\t\t\thost=config.get('general', 'mysql_ip'),\n\t\t\t\tuser=config.get('general', 'mysql_user'),\n\t\t\t\tpasswd=config.get('general', 'mysql_password'),\n\t\t\t\tdb=config.get('general', 'mysql_db'),\n\t\t\t\tcursorclass=MySQLdb.cursors.DictCursor\n\t\t\t)\n\n\t\t\tcursor = db.cursor()\n\t\t\tlogger.debug(&quot;Connected&quot;)\n\t\texcept MySQLdb.Error, e:\n\t\t\tlogger.error(&quot;Error %d: %s&quot; % (e.args[0], e.args[1]))\n\t\t\texit(2)\n\t\telse:\n\t\t\t# First line of the generated RouterOS script selects the address-list menu\n\t\t\tcontents = ['\/ip firewall address-list']\n\t\t\tlogger.info('Fetching addresses from the blacklist DB')\n\t\t\tquery = &quot;&quot;&quot;select * from ban_history&quot;&quot;&quot;\n\t\t\tresult = run_query(cursor, query, logger)\n\t\t\tresult = cursor.fetchall()\n\t\t\tfor ip in result:\n\t\t\t\tif ip['count'] &gt;= ban_count:\n\t\t\t\t\t# One address list per jail, e.g. ASTERISK_BLC or SSH_BLC\n\t\t\t\t\tlist_name = '%s_BLC' % ip['type'].upper()\n\t\t\t\t\tlogger.info('Adding IP %s into \\'%s\\' list' % (ip['ip_address'], list_name))\n\t\t\t\t\tlist_line = 'add address=%s list=%s comment=BLACKLIST' % (ip['ip_address'], list_name)\n\t\t\t\t\tcontents.append(list_line)\n\n\t\t\tif len(contents) &gt; 1:\n\t\t\t\tlogger.info('Generating mikrotik rsc script...')\n\t\t\t\tscript_file = open(output, 'w')\n\t\t\t\tfor item in contents:\n\t\t\t\t\tscript_file.write(&quot;%s\\r\\n&quot; % item)\n\n\t\t\t\tscript_file.close()\n\n\t\t\tlogger.info('Done')\n\n\telse:\n\t\tlogger.error(&quot;Configuration incomplete&quot;)\n\t\texit(3)\n\n\ndef run_query(cursor, query, logger):\n\ttry:\n\t\tlogger.debug(&quot;Running query \\'%s\\'&quot; % query)\n\t\tcursor.execute(query)\n\texcept MySQLdb.Error, e:\n\t\tlogger.error(&quot;Error %d: %s&quot; % (e.args[0], e.args[1]))\n\t\texit(2)\n\telse:\n\t\treturn True\n\n\nif __name__ == '__main__':\n\ttry:\n\t\tROOT_PATH = os.path.dirname(os.path.realpath(__file__))\n\t\tparser = OptionParser(usage=&quot;usage: %prog [-c &lt;configuration_file&gt;] [-v] [-o &lt;output_file_path&gt;]&quot;)\n\t\tparser.add_option(&quot;-v&quot;, &quot;--verbose&quot;,\n\t\t\taction=&quot;store_true&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;verbose&quot;,\n\t\t\thelp=&quot;Verbose output&quot;)\n\t\tparser.add_option(&quot;-c&quot;, &quot;--config&quot;,\n\t\t\taction=&quot;store&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;cfg_file&quot;,\n\t\t\thelp=&quot;Full path to configuration file&quot;)\n\t\tparser.add_option(&quot;-o&quot;,\n\t\t\taction=&quot;store&quot;,\n\t\t\tdefault=False,\n\t\t\tdest=&quot;output&quot;,\n\t\t\thelp=&quot;Full path for the generated script file&quot;)\n\n\t\t(options, args) = parser.parse_args()\n\t\tverbose = options.verbose\n\t\toutput = options.output\n\n\t\tif not output:\n\t\t\toutput = os.path.join(ROOT_PATH, 'blacklists.rsc')\n\n\t\t# Reading configuration file\n\t\tcfg_file = options.cfg_file\n\t\tif not cfg_file:\n\t\t\tcfg_file = os.path.join(ROOT_PATH, 'blacklist_db.cfg')\n\t\tconfig = ConfigParser.RawConfigParser()\n\t\tconfig.read(cfg_file)\n\n\t\t# Logging\n\t\tif config.get('general', 'log_file'):\n\t\t\tLOGFILE = config.get('general', 'log_file')\n\t\telse:\n\t\t\tLOGFILE = '\/tmp\/blacklist_db.log'\n\n\t\tFORMAT = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt='%Y-%m-%d %H:%M:%S')\n\t\ttry:\n\t\t\trotatetime = logging.handlers.TimedRotatingFileHandler(LOGFILE, when=&quot;midnight&quot;, interval=1, backupCount=14)\n\t\texcept IOError, e:\n\t\t\tprint &quot;ERROR %s: Can not open log file - %s&quot;  % (e[0], e[1])\n\t\t\texit(1)\n\t\texcept Exception, e:\n\t\t\tprint &quot;Can not configure logger - %s&quot;  % e\n\t\t\texit(1)\n\n\t\tformatter = logging.Formatter('%(asctime)s: %(message)s','%y-%m-%d %H:%M:%S')\n\n\t\trotatetime.setFormatter(FORMAT)\n\t\tlogger = logging.getLogger('BLACKLIST-DB')\n\t\tlogger.addHandler(rotatetime)\n\n\t\tif verbose:\n\t\t\tlvl = logging.DEBUG\n\t\t\tconsole = logging.StreamHandler()\n\t\t\tformatter = logging.Formatter('%(asctime)s: %(message)s','%y-%m-%d %H:%M:%S')\n\t\t\tconsole.setFormatter(formatter)\n\t\t\tlogger.addHandler(console)\n\t\telse:\n\t\t\tlvl = logging.INFO\n\n\t\tlogger.setLevel(lvl)\n\n\t\tmain(config, logger, output)\n\n\texcept (KeyboardInterrupt):\n\t\tlogger.info(&quot;CTRL-C... exit&quot;)\n\t\texit(0)\n\n\texcept (SystemExit):\n\t\tlogger.info(&quot;Exit&quot;)\n\t\texit(0)\n<\/code><\/pre>\n<p>  <\/div>\n<\/div>\n<p>  This script is run by cron; I set it to run every 15 minutes.  <\/p>\n<pre><code class=\"bash\">*\/15 * * * * \/path\/to\/script &gt; \/dev\/null 2&gt;&amp;1\n<\/code><\/pre>\n<p>  4. Import the resulting list into our router.<\/p>\n<p>  The resulting script for the MikroTik has to be placed in a directory of our web server; I run <a href=\"http:\/\/nginx.org\/\">nginx<\/a>, and I added the following lines to its configuration:  <\/p>\n<pre><code class=\"bash\">    location \/blacklists.rsc {\n        root \/path\/to\/directory\/containing\/script;\n    }\n<\/code><\/pre>\n<p>  Instead of a web server you can <a href=\"http:\/\/wiki.mikrotik.com\/wiki\/Manual:Tools\/Fetch\">use ftp or tftp<\/a>; it all depends on your taste.<\/p>\n<p>  This part is almost entirely \"stolen\" from the <a href=\"http:\/\/joshaven.com\/resources\/tricks\/mikrotik-automatically-updated-address-list\/\">second article<\/a>.<\/p>\n<p>  Once an hour the file is downloaded from the server over HTTP by the following script (the script and the scheduler rule for the MikroTik are below):  <\/p>\n<pre><code class=\"bash\"># Script for downloading the blacklist; replace example.com with the domain name or IP address of your server\n\/system script add name=&quot;Download_blacklists&quot; source={\n\/tool fetch url=&quot;http:\/\/example.com\/blacklists.rsc&quot; mode=http;\n:log info &quot;Downloaded blacklists.rsc&quot;;\n}\n\n# Scheduler rule to run it\n\/system scheduler add comment=&quot;Download blacklists&quot; interval=1h name=&quot;DownloadBlackLists&quot; on-event=Download_blacklists start-date=jan\/01\/1970 start-time=01:05:00\n<\/code><\/pre>\n<p>  Script for importing the blacklist:  <\/p>\n<pre><code class=\"bash\"># Script\n\/system script add name=&quot;Update_blacklists&quot; source={\n\/ip firewall address-list remove [\/ip firewall address-list find comment=&quot;BLACKLIST&quot;];\n\/import file-name=blacklists.rsc;\n:log info &quot;Removal old blacklists and add new&quot;;\n}\n\n# Scheduler rule\n\/system scheduler add comment=&quot;Update BlackList&quot; interval=1h name=&quot;InstallBlackLists&quot; on-event=Update_blacklists start-date=jan\/01\/1970 start-time=01:15:00\n<\/code><\/pre>\n<p>  To use this list, deny rules are created and placed before the allow rules (since rules are processed in order); in this example 2 rules are created, for SSH connections and for SIP:  <\/p>\n<pre><code class=\"bash\">\/ip firewall filter\nadd action=reject chain=forward comment=&quot;SIP: Reject Blacklisted IP addresses&quot; dst-port=5060-5061 in-interface=ID-Net protocol=udp src-address-list=ASTERISK_BLC\nadd action=reject chain=forward comment=&quot;SSH: Reject Blacklisted IP addresses&quot; dst-port=22 in-interface=ID-Net protocol=tcp src-address-list=SSH_BLC\n<\/code><\/pre>\n<p>  Where ID-Net is the name of my external interface.<\/p>\n<p>  This \"reinvented wheel\" makes no claims to anything and was thrown together in two or three hours.<br \/>  \u041d\u0430\u0434\u0435\u044e\u0441\u044c \u043d\u0430 \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0442\u0438\u0432\u043d\u0443\u044e 
\u043a\u0440\u0438\u0442\u0438\u043a\u0443 \u0445\u0430\u0431\u0440\u043e\u0432\u0447\u0430\u043d \u0438 \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043f\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u0438\u044f\u043c.<\/p>\n<p>  <b><a href=\"https:\/\/www.dropbox.com\/s\/orf5wubkr7998ln\/blacklist_db.zip?dl=0\">\u0410\u0440\u0445\u0438\u0432<\/a> \u0441\u043e \u0432\u0441\u0435\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u0430\u043c\u0438 \u0438 \u0441\u0445\u0435\u043c\u043e\u0439 \u0411\u0414.<\/b> \t\t\t<\/p>\n<div class=\"clear\"><\/div>\n<\/p><\/div>\n<p> \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"http:\/\/habrahabr.ru\/post\/248033\/\"> http:\/\/habrahabr.ru\/post\/248033\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"content html_format\"> \t\t\t\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043d\u0435\u0439 \u043d\u0430\u0437\u0430\u0434 \u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b Asterisk, \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u043b \u0441\u0432\u043e\u044e \u0441\u0442\u0430\u0440\u0443\u044e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u0441 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0432\u044b\u0437\u043e\u0432\u043e\u0432 \u0438 \u043d\u0430\u043c\u0435\u0440\u0435\u0432\u0430\u043b\u0441\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043c\u0435\u0441\u0442\u043d\u043e\u043c\u0443 SIP \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0443. 
Literally a few minutes after starting Asterisk I found authorization attempts on the server in the logs, which did not surprise me at all, since the same picture can be seen on any Asterisk that faces the Internet. 
A firm decision was made to play around with my beloved MikroTik and my no less beloved Python, and to work out what to do with these attackers.<\/p>\n<p>  So, here is what we have:  <\/p>\n<ul>\n<li> Ubuntu Server 14.04 (I don't think this matters; it should work on other distributions)<\/li>\n<li> <a href=\"http:\/\/www.fail2ban.org\/\">Fail2Ban<\/a><\/li>\n<li> MySQL<\/li>\n<li> <a href=\"http:\/\/asterisk.org\/\">Asterisk<\/a> (or any other service that needs to be protected from brute-force attacks)<\/li>\n<li> A <a href=\"http:\/\/routerboard.com\/\">MikroTik<\/a> router<\/li>\n<li> Hands<\/li>\n<li> A desire to reinvent the wheel<\/li>\n<\/ul>\n<p>  
After reading a couple of articles (<a href=\"http:\/\/habrahabr.ru\/post\/194356\/\">one<\/a>, <a href=\"http:\/\/joshaven.com\/resources\/tricks\/mikrotik-automatically-updated-address-list\/\">two<\/a>), the following concept was born:  <\/p>\n<ol>\n<li> ban the attacker for a set period with Fail2Ban and add a record with their IP address to the MySQL database<\/li>\n<li> after a set number of bans have been issued, add the IP address to the blocked list on the router<\/li>\n<\/ol>\n<p>  
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-248033","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/248033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=248033"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/248033\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=248033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=248033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=248033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}