Ce Forum passera en lecture seule en janvier 2020
Image
Merci de vous rendre sur https://community.jeedom.com maintenant pour vos prochains postes ;)

Tentative d'intrusion

Pour parler de tout, et surtout de rien !
Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 05 juin 2019, 22:21

madcow a écrit :
05 juin 2019, 21:14
Patdec a écrit :J'avais modifié le fichier defaults-debian.conf qui ne contenait que

Code : Tout sélectionner

[sshd]
enabled = true
et auquel j'avais ajouté

Code : Tout sélectionner

[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.61

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5
Dois-je laisser comme cela ( en modifiant seulement avec l'Ip 192.168.1.38 ) pour limiter le temps et le nombre de tentatives ?

Autrement dit, la section [DEFAULT] doit elle être indiquée dans les 2 fichiers ?
C'est pas ce fichier que j'avais modifié.
J'avais suivi ce tuto : https://jeedom-facile.fr/index.php/2018 ... s-proxmox/
Par contre le contenu c'est ok.
Merci pour toutes ces précisions.

Je lis également par ailleurs que le loglevel de SSHD doit absolument être positionné sur DEBUG, sans quoi, Fail2ban ne bloquera rien concernant SSH . Malheureusement le lien donné ne fonctionne plus

As-tu une idée de comment faire cela ?
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 05 juin 2019, 23:07

Après avoir copié et renommé jail.conf en jail.local, j'ai 2 fichiers modifiés

Fichier defaults-debian.conf

Code : Tout sélectionner

[sshd]
enabled = true

[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.38 192.168.1.12

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
#ignoreip = 127.0.0.1/8 

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
#bantime  = 600
bandtime = 86400

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
#findtime  = 600
findtime = 3600

# "maxretry" is the number of failures before a host get banned.
#maxretry = 5
maxretry = 3

Fichier jail.local

Code : Tout sélectionner

#
# WARNING: heavily refactored in 0.9.0 release.  Please review and
#          customize settings for your setup.
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in jail.local file,
#           or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information



# Comments: use '#' for comment lines and ';' (following a space) for inline comments


[INCLUDES]

#before = paths-distro.conf
before = paths-debian.conf

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
#ignoreip = 127.0.0.1/8 
ignoreip = 127.0.0.1/8 192.168.1.38 192.168.1.12

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
#bantime  = 600
bandtime = 86400

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
#findtime  = 600
findtime = 3600

# "maxretry" is the number of failures before a host get banned.
#maxretry = 5
maxretry = 3

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#              If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#              If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# systemd:   uses systemd python library to access the systemd journal.
#              Specifying "logpath" is not valid for this backend.
#              See "journalmatch" in the jails associated filter config
# auto:      will try to use the following backends, in order:
#              pyinotify, gamin, polling.
#
# Note: if systemd backend is chosen as the default but you enable a jail
#       for which logs are present only in its own log files, specify some other
#       backend for that jail (e.g. polling) and provide empty value for
#       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
#   warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a DNS lookup will be performed.
# warn:  if a hostname is encountered, a DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
# raw:   use raw value (no hostname), allow use it for no-host filters/actions (example user)
usedns = warn

# "logencoding" specifies the encoding of the log files handled by the jail
#   This is used to decode the lines from the log file.
#   Typical examples:  "ascii", "utf-8"
#
#   auto:   will use the system locale setting
logencoding = auto

# "enabled" enables the jails.
#  By default all jails are disabled, and it should stay this way.
#  Enable only relevant to your setup jails in your .local or jail.d/*.conf
#
# true:  jail will be enabled and log files will get monitored for changes
# false: jail is not enabled
enabled = false


# "filter" defines the filter to use by the jail.
#  By default jails have names matching their filter name
#
filter = %(__name__)s


#
# ACTIONS
#

# Some options used for actions

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost


# Sender email address used solely for some actions
sender = root@localhost


# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

# Ports to be banned
# Usually should be overridden in a particular jail
port = 0:65535

# Format of user-agent https://tools.ietf.org/html/rfc7231#section-5.5.3
fail2ban_agent = Fail2Ban/%(fail2ban_version)s

#
# Action shortcuts. To be used to define action parameter

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
banaction_allports = iptables-allports

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]

# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

# Report block via blocklist.de fail2ban reporting service API
# 
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action. Create a file jail.d/blocklist_de.local containing
# [Init]
# blocklist_de_apikey = {api key from registration]
#
action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]

# Report ban via badips.com, and use as blacklist
#
# See BadIPsAction docstring in config/action.d/badips.py for
# documentation for this action.
#
# NOTE: This action relies on banaction being present on start and therefore
# should be last action defined for a jail.
#
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
#
# Report ban via badips.com (uses action.d/badips.conf for reporting only)
#
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s


#
# JAILS
#

#
# SSH servers
#

[sshd]

port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s


[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s


[dropbear]

port     = ssh
logpath  = %(dropbear_log)s
backend  = %(dropbear_backend)s


[selinux-ssh]

port     = ssh
logpath  = %(auditd_log)s


#
# HTTP servers
#

[apache-auth]

port     = http,https
logpath  = %(apache_error_log)s


[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
port     = http,https
logpath  = %(apache_access_log)s
bantime  = 172800
maxretry = 1


[apache-noscript]

port     = http,https
logpath  = %(apache_error_log)s


[apache-overflows]

port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2


[apache-nohome]

port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2


[apache-botsearch]

port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2


[apache-fakegooglebot]

port     = http,https
logpath  = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>


[apache-modsecurity]

port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2


[apache-shellshock]

port    = http,https
logpath = %(apache_error_log)s
maxretry = 1


[openhab-auth]

filter = openhab
action = iptables-allports[name=NoAuthFailures]
logpath = /opt/openhab/logs/request.log


[nginx-http-auth]

port    = http,https
logpath = %(nginx_error_log)s

# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module` 
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
# or for example see in 'config/filter.d/nginx-limit-req.conf'
[nginx-limit-req]
port    = http,https
logpath = %(nginx_error_log)s

[nginx-botsearch]

port     = http,https
logpath  = %(nginx_error_log)s
maxretry = 2


# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.

[php-url-fopen]

port    = http,https
logpath = %(nginx_access_log)s
          %(apache_access_log)s


[suhosin]

port    = http,https
logpath = %(suhosin_log)s


[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port    = http,https
logpath = %(lighttpd_error_log)s


#
# Webmail and groupware servers
#

[roundcube-auth]

port     = http,https
logpath  = %(roundcube_errors_log)s


[openwebmail]

port     = http,https
logpath  = /var/log/openwebmail.log


[horde]

port     = http,https
logpath  = /var/log/horde/horde.log


[groupoffice]

port     = http,https
logpath  = /home/groupoffice/log/info.log


[sogo-auth]
# Monitor SOGo groupware server
# without proxy this would be:
# port    = 20000
port     = http,https
logpath  = /var/log/sogo/sogo.log


[tine20]

logpath  = /var/log/tine20/tine20.log
port     = http,https


#
# Web Applications
#
#

[drupal-auth]

port     = http,https
logpath  = %(syslog_daemon)s
backend  = %(syslog_backend)s

[guacamole]

port     = http,https
logpath  = /var/log/tomcat*/catalina.out

[monit]
#Ban clients brute-forcing the monit gui login
port = 2812
logpath  = /var/log/monit


[webmin-auth]

port    = 10000
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s


[froxlor-auth]

port    = http,https
logpath  = %(syslog_authpriv)s
backend  = %(syslog_backend)s


#
# HTTP Proxy servers
#
#

[squid]

port     =  80,443,3128,8080
logpath = /var/log/squid/access.log


[3proxy]

port    = 3128
logpath = /var/log/3proxy.log


#
# FTP servers
#


[proftpd]

port     = ftp,ftp-data,ftps,ftps-data
logpath  = %(proftpd_log)s
backend  = %(proftpd_backend)s


[pure-ftpd]

port     = ftp,ftp-data,ftps,ftps-data
logpath  = %(pureftpd_log)s
backend  = %(pureftpd_backend)s


[gssftpd]

port     = ftp,ftp-data,ftps,ftps-data
logpath  = %(syslog_daemon)s
backend  = %(syslog_backend)s


[wuftpd]

port     = ftp,ftp-data,ftps,ftps-data
logpath  = %(wuftpd_log)s
backend  = %(wuftpd_backend)s


[vsftpd]
# or overwrite it in jails.local to be
# logpath = %(syslog_authpriv)s
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
port     = ftp,ftp-data,ftps,ftps-data
logpath  = %(vsftpd_log)s


#
# Mail servers
#

# ASSP SMTP Proxy Jail
[assp]

port     = smtp,465,submission
logpath  = /root/path/to/assp/logs/maillog.txt


[courier-smtp]

port     = smtp,465,submission
logpath  = %(syslog_mail)s
backend  = %(syslog_backend)s


[postfix]

port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s


[postfix-rbl]

port     = smtp,465,submission
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s
maxretry = 1


[sendmail-auth]

port    = submission,465,smtp
logpath = %(syslog_mail)s
backend = %(syslog_backend)s


[sendmail-reject]

port     = smtp,465,submission
logpath  = %(syslog_mail)s
backend  = %(syslog_backend)s


[qmail-rbl]

filter  = qmail
port    = smtp,465,submission
logpath = /service/qmail/log/main/current


# dovecot defaults to logging to the mail syslog facility
# but can be set by syslog_facility in the dovecot configuration.
[dovecot]

port    = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s


[sieve]

port   = smtp,465,submission
logpath = %(dovecot_log)s
backend = %(dovecot_backend)s


[solid-pop3d]

port    = pop3,pop3s
logpath = %(solidpop3d_log)s


[exim]

port   = smtp,465,submission
logpath = %(exim_main_log)s


[exim-spam]

port   = smtp,465,submission
logpath = %(exim_main_log)s


[kerio]

port    = imap,smtp,imaps,465
logpath = /opt/kerio/mailserver/store/logs/security.log


#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#

[courier-auth]

port     = smtp,465,submission,imap3,imaps,pop3,pop3s
logpath  = %(syslog_mail)s
backend  = %(syslog_backend)s


[postfix-sasl]

port     = smtp,465,submission,imap3,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath  = %(postfix_log)s
backend  = %(postfix_backend)s


[perdition]

port   = imap3,imaps,pop3,pop3s
logpath = %(syslog_mail)s
backend = %(syslog_backend)s


[squirrelmail]

port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log


[cyrus-imap]

port   = imap3,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s


[uwimap-auth]

port   = imap3,imaps
logpath = %(syslog_mail)s
backend = %(syslog_backend)s


#
#
# DNS servers
#


# !!! WARNING !!!
#   Since UDP is connection-less protocol, spoofing of IP and imitation
#   of illegal actions is way too simple.  Thus enabling of this filter
#   might provide an easy way for implementing a DoS against a chosen
#   victim. See
#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
#   Please DO NOT USE this jail unless you know what you are doing.
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks UDP traffic for DNS requests.
# [named-refused-udp]
#
# filter   = named-refused
# port     = domain,953
# protocol = udp
# logpath  = /var/log/named/security.log

# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks TCP traffic for DNS requests.

[named-refused]

port     = domain,953
logpath  = /var/log/named/security.log


[nsd]

port     = 53
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log


#
# Miscellaneous
#

[asterisk]

port     = 5060,5061
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath  = /var/log/asterisk/messages
maxretry = 10


[freeswitch]

port     = 5060,5061
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath  = /var/log/freeswitch.log
maxretry = 10


# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
# equivalent section:
# log-warning = 2
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]

port     = 3306
logpath  = %(mysql_log)s
backend  = %(mysql_backend)s


# Log wrong MongoDB auth (for details see filter 'filter.d/mongodb-auth.conf')
[mongodb-auth]
# change port when running with "--shardsvr" or "--configsvr" runtime operation
port     = 27017
logpath  = /var/log/mongodb/mongodb.log


# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
#    is not at DEBUG level -- which might then cause fail2ban to fall into
#    an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
#    to maintain entries for failed logins for sufficient amount of time
[recidive]

logpath  = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day


# Generic filter for PAM. Has to be used with action which bans all
# ports such as iptables-allports, shorewall

[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = %(banaction_allports)s
logpath  = %(syslog_authpriv)s
backend  = %(syslog_backend)s


[xinetd-fail]

banaction = iptables-multiport-log
logpath   = %(syslog_daemon)s
backend   = %(syslog_backend)s
maxretry  = 2


# stunnel - need to set port for this
[stunnel]

logpath = /var/log/stunnel4/stunnel.log


[ejabberd-auth]

port    = 5222
logpath = /var/log/ejabberd/ejabberd.log


[counter-strike]

logpath = /opt/cstrike/logs/L[0-9]*.log
# Firewall: http://www.cstrike-planet.com/faq/6
tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039
udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015
action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]

# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
[nagios]

logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
backend  = %(syslog_backend)s
maxretry = 1


[oracleims]
# see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above
logpath = /opt/sun/comms/messaging64/log/mail.log_current
banaction = %(banaction_allports)s

[directadmin]
logpath = /var/log/directadmin/login.log
port = 2222

[portsentry]
logpath  = /var/lib/portsentry/portsentry.history
maxretry = 1

[pass2allow-ftp]
# this pass2allow example allows FTP traffic after successful HTTP authentication
port         = ftp,ftp-data,ftps,ftps-data
# knocking_url variable must be overridden to some secret value in jail.local
knocking_url = /knocking/
filter       = apache-pass[knocking_url="%(knocking_url)s"]
# access log of the website with HTTP auth
logpath      = %(apache_access_log)s
blocktype    = RETURN
returntype   = DROP
bantime      = 3600
maxretry     = 1
findtime     = 1


[murmur]
# AKA mumble-server
port     = 64738
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp]
logpath  = /var/log/mumble-server/mumble-server.log


[screensharingd]
# For Mac OS Screen Sharing Service (VNC)
logpath  = /var/log/system.log
logencoding = utf-8

[haproxy-http-auth]
# HAProxy by default doesn't log to file you'll need to set it up to forward
# logs to a syslog server which would then write them to disk.
# See "haproxy-http-auth" filter for a brief cautionary note when setting
# maxretry and findtime.
logpath  = /var/log/haproxy.log

[slapd]
port    = ldap,ldaps
filter  = slapd
logpath = /var/log/slapd.log
J'ai donc 2 fichiers jail.conf et jail.local.
Je suppose donc que pour les quelques paramètres différents le jail.local prend la main sur le jail.conf

Edit du 9 juin 2019 :
En effet, les paramètres du fichier local prend la main sur ceux du fichier conf.
Ainsi, lors d'une release ou modification du jail.conf les paramètres du local resterons actifs.
Voir ici


Je laisse mon fichier log tel quel car @Poumi m'a fait remarquer une faute de frappe sur le paramètre bantime auquel j'avais ajouté un d pour l'écrire bandtime ( ce qui est faux )

J'ai finalisé avec un "service fail2ban restart "

Merci pour votre aide et reste à l'écoute pour améliorer.

PS : 192.168.1.12 est un PC portable


Edit : A votre avis, est-ce que je peux à nouveau ouvrir mes ports 80 et 443 chez mon FAI ?
Dernière édition par Patdec le 09 juin 2019, 22:29, édité 3 fois.
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 09 juin 2019, 18:43

Le fichier /var/log/fail2ban.log.1 m'étonne car je ne comprend pas pourquoi une IP est bannie après 3 tentatives ( ce qui est prévu par le maxRetry =3 ) puis débanni dans la foulée ( 10 mn après ).
Probablement un setting de ma part incompris et/ou mal réglé.

Code : Tout sélectionner

2019-06-05 23:13:14,183 fail2ban.jail           [650]: INFO    Jail 'sshd' uses pyinotify {}
2019-06-05 23:13:14,284 fail2ban.jail           [650]: INFO    Initiated 'pyinotify' backend
2019-06-05 23:13:14,292 fail2ban.filter         [650]: INFO    Set jail log file encoding to UTF-8
2019-06-05 23:13:14,360 fail2ban.filter         [650]: INFO    Added logfile = /var/log/auth.log
2019-06-05 23:13:14,375 fail2ban.actions        [650]: INFO    Set banTime = 600
2019-06-05 23:13:14,378 fail2ban.filter         [650]: INFO    Set findtime = 3600
2019-06-05 23:13:14,380 fail2ban.filter         [650]: INFO    Set maxRetry = 3
2019-06-05 23:13:14,383 fail2ban.filter         [650]: INFO    Set maxlines = 10
2019-06-05 23:13:14,887 fail2ban.server         [650]: INFO    Jail sshd is not a JournalFilter instance
2019-06-05 23:13:14,939 fail2ban.jail           [650]: INFO    Jail 'sshd' started
2019-06-06 08:30:26,681 fail2ban.server         [660]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2019-06-06 08:30:26,698 fail2ban.database       [660]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-06-06 08:30:26,714 fail2ban.jail           [660]: INFO    Creating new jail 'sshd'
2019-06-06 08:30:26,857 fail2ban.jail           [660]: INFO    Jail 'sshd' uses pyinotify {}
2019-06-06 08:30:27,029 fail2ban.jail           [660]: INFO    Initiated 'pyinotify' backend
2019-06-06 08:30:27,032 fail2ban.filter         [660]: INFO    Set findtime = 3600
2019-06-06 08:30:27,048 fail2ban.filter         [660]: INFO    Set jail log file encoding to UTF-8
2019-06-06 08:30:27,054 fail2ban.filter         [660]: INFO    Added logfile = /var/log/auth.log
2019-06-06 08:30:27,058 fail2ban.filter         [660]: INFO    Set maxRetry = 3
2019-06-06 08:30:27,073 fail2ban.actions        [660]: INFO    Set banTime = 600
2019-06-06 08:30:27,074 fail2ban.filter         [660]: INFO    Set maxlines = 10
2019-06-06 08:30:27,644 fail2ban.server         [660]: INFO    Jail sshd is not a JournalFilter instance
2019-06-06 08:30:27,747 fail2ban.jail           [660]: INFO    Jail 'sshd' started
2019-06-08 01:17:52,922 fail2ban.filter         [660]: INFO    [sshd] Found 95.104.119.234
2019-06-08 01:17:52,973 fail2ban.filter         [660]: INFO    [sshd] Found 95.104.119.234
2019-06-08 01:17:54,622 fail2ban.filter         [660]: INFO    [sshd] Found 95.104.119.234
2019-06-08 01:17:54,770 fail2ban.actions        [660]: NOTICE  [sshd] Ban 95.104.119.234
2019-06-08 01:27:54,939 fail2ban.actions        [660]: NOTICE  [sshd] Unban 95.104.119.234
2019-06-08 03:18:41,947 fail2ban.filter         [660]: INFO    [sshd] Found 103.41.28.70
2019-06-08 03:18:41,984 fail2ban.filter         [660]: INFO    [sshd] Found 103.41.28.70
2019-06-08 03:18:43,861 fail2ban.filter         [660]: INFO    [sshd] Found 103.41.28.70
2019-06-08 03:18:44,278 fail2ban.actions        [660]: NOTICE  [sshd] Ban 103.41.28.70
2019-06-08 03:28:45,011 fail2ban.actions        [660]: NOTICE  [sshd] Unban 103.41.28.70
2019-06-08 04:42:33,898 fail2ban.filter         [660]: INFO    [sshd] Found 83.19.99.65
2019-06-08 04:42:33,909 fail2ban.filter         [660]: INFO    [sshd] Found 83.19.99.65
2019-06-08 04:42:36,288 fail2ban.filter         [660]: INFO    [sshd] Found 83.19.99.65
2019-06-08 04:42:36,517 fail2ban.actions        [660]: NOTICE  [sshd] Ban 83.19.99.65
2019-06-08 04:52:36,927 fail2ban.actions        [660]: NOTICE  [sshd] Unban 83.19.99.65
2019-06-08 05:10:23,106 fail2ban.filter         [660]: INFO    [sshd] Found 80.232.248.65
2019-06-08 05:10:23,135 fail2ban.filter         [660]: INFO    [sshd] Found 80.232.248.65
2019-06-08 05:10:25,440 fail2ban.filter         [660]: INFO    [sshd] Found 80.232.248.65
2019-06-08 05:10:25,898 fail2ban.actions        [660]: NOTICE  [sshd] Ban 80.232.248.65
2019-06-08 05:20:26,516 fail2ban.actions        [660]: NOTICE  [sshd] Unban 80.232.248.65
2019-06-08 05:39:51,021 fail2ban.filter         [660]: INFO    [sshd] Found 123.143.203.194
2019-06-08 05:39:51,047 fail2ban.filter         [660]: INFO    [sshd] Found 123.143.203.194
2019-06-08 05:39:53,027 fail2ban.filter         [660]: INFO    [sshd] Found 123.143.203.194
2019-06-08 05:39:53,958 fail2ban.actions        [660]: NOTICE  [sshd] Ban 123.143.203.194
2019-06-08 05:49:53,988 fail2ban.actions        [660]: NOTICE  [sshd] Unban 123.143.203.194
2019-06-09 17:00:23,886 fail2ban.server         [694]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2019-06-09 17:00:23,906 fail2ban.database       [694]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-06-09 17:00:23,923 fail2ban.jail           [694]: INFO    Creating new jail 'sshd'
Faut il écrire cela dans le jail.conf ou plutôt dans le jail.local

# "bantime" is the number of seconds that a host is banned.
# bantime = 600

# Permanent ban
bantime = -1


et ajouter dans iptables.multiports.conf les lignes 10 , 11 et 34

Code : Tout sélectionner


1 [Definition]
2
3 # Option:  actionstart
4 # Notes.:  command executed once at the start of Fail2Ban.
5 # Values:  CMD
6 #
7 actionstart = iptables -N fail2ban-<name>
8              iptables -A fail2ban-<name> -j RETURN
9              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
10          cat /etc/fail2ban/persistent.bans | awk '/^fail2ban-<name>/ {print $2}' \
11         | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j <blocktype>; done
12 
13 # Option:  actionstop
14 # Notes.:  command executed once at the end of Fail2Ban
15 # Values:  CMD
16 #
17 actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
18             iptables -F fail2ban-<name>
19             iptables -X fail2ban-<name>
20 
21 # Option:  actioncheck
22 # Notes.:  command executed once before each actionban command
23 # Values:  CMD
24 #
25 actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
26 
27 # Option:  actionban
28 # Notes.:  command executed when banning an IP. Take care that the
29 #          command is executed with Fail2Ban user rights.
30 # Tags:    See jail.conf(5) man page
31 # Values:  CMD
32 #
33 actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
34        echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans
Merci pour votre coopération.

J'ai rien inventé, je tire ces infos de ce site
Dernière édition par Patdec le 09 juin 2019, 19:17, édité 2 fois.
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

Avatar de l’utilisateur
Poumi
Actif
Messages : 660
Inscription : 21 mars 2019, 22:41

Re: Tentative d'intrusion

Message par Poumi » 09 juin 2019, 18:45

Patdec a écrit :
09 juin 2019, 18:43
Le fichier /var/log/fail2ban.log.1 m'étonne car je ne comprend pas pourquoi une IP est bannie après 3 tentatives ( ce qui est prévu par le maxRetry =3 ) puis débanni dans la foulée ( 10 mn après ).
Probablement un setting de ma part incompris et/ou mal réglé.

Merci pour votre coopération.

Code : Tout sélectionner

2019-06-05 23:13:14,183 fail2ban.jail           [650]: INFO    Jail 'sshd' uses pyinotify {}
2019-06-05 23:13:14,284 fail2ban.jail           [650]: INFO    Initiated 'pyinotify' backend
2019-06-05 23:13:14,292 fail2ban.filter         [650]: INFO    Set jail log file encoding to UTF-8
2019-06-05 23:13:14,360 fail2ban.filter         [650]: INFO    Added logfile = /var/log/auth.log
2019-06-05 23:13:14,375 fail2ban.actions        [650]: INFO    Set banTime = 600
2019-06-05 23:13:14,378 fail2ban.filter         [650]: INFO    Set findtime = 3600
2019-06-05 23:13:14,380 fail2ban.filter         [650]: INFO    Set maxRetry = 3
2019-06-05 23:13:14,383 fail2ban.filter         [650]: INFO    Set maxlines = 10
2019-06-05 23:13:14,887 fail2ban.server         [650]: INFO    Jail sshd is not a JournalFilter instance
2019-06-05 23:13:14,939 fail2ban.jail           [650]: INFO    Jail 'sshd' started
2019-06-06 08:30:26,681 fail2ban.server         [660]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2019-06-06 08:30:26,698 fail2ban.database       [660]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-06-06 08:30:26,714 fail2ban.jail           [660]: INFO    Creating new jail 'sshd'
2019-06-06 08:30:26,857 fail2ban.jail           [660]: INFO    Jail 'sshd' uses pyinotify {}
2019-06-06 08:30:27,029 fail2ban.jail           [660]: INFO    Initiated 'pyinotify' backend
2019-06-06 08:30:27,032 fail2ban.filter         [660]: INFO    Set findtime = 3600
2019-06-06 08:30:27,048 fail2ban.filter         [660]: INFO    Set jail log file encoding to UTF-8
2019-06-06 08:30:27,054 fail2ban.filter         [660]: INFO    Added logfile = /var/log/auth.log
2019-06-06 08:30:27,058 fail2ban.filter         [660]: INFO    Set maxRetry = 3
2019-06-06 08:30:27,073 fail2ban.actions        [660]: INFO    Set banTime = 600
2019-06-06 08:30:27,074 fail2ban.filter         [660]: INFO    Set maxlines = 10
2019-06-06 08:30:27,644 fail2ban.server         [660]: INFO    Jail sshd is not a JournalFilter instance
2019-06-06 08:30:27,747 fail2ban.jail           [660]: INFO    Jail 'sshd' started
2019-06-08 01:17:52,922 fail2ban.filter         [660]: INFO    [sshd] Found 95.104.119.234
2019-06-08 01:17:52,973 fail2ban.filter         [660]: INFO    [sshd] Found 95.104.119.234
2019-06-08 01:17:54,622 fail2ban.filter         [660]: INFO    [sshd] Found 95.104.119.234
2019-06-08 01:17:54,770 fail2ban.actions        [660]: NOTICE  [sshd] Ban 95.104.119.234
2019-06-08 01:27:54,939 fail2ban.actions        [660]: NOTICE  [sshd] Unban 95.104.119.234
2019-06-08 03:18:41,947 fail2ban.filter         [660]: INFO    [sshd] Found 103.41.28.70
2019-06-08 03:18:41,984 fail2ban.filter         [660]: INFO    [sshd] Found 103.41.28.70
2019-06-08 03:18:43,861 fail2ban.filter         [660]: INFO    [sshd] Found 103.41.28.70
2019-06-08 03:18:44,278 fail2ban.actions        [660]: NOTICE  [sshd] Ban 103.41.28.70
2019-06-08 03:28:45,011 fail2ban.actions        [660]: NOTICE  [sshd] Unban 103.41.28.70
2019-06-08 04:42:33,898 fail2ban.filter         [660]: INFO    [sshd] Found 83.19.99.65
2019-06-08 04:42:33,909 fail2ban.filter         [660]: INFO    [sshd] Found 83.19.99.65
2019-06-08 04:42:36,288 fail2ban.filter         [660]: INFO    [sshd] Found 83.19.99.65
2019-06-08 04:42:36,517 fail2ban.actions        [660]: NOTICE  [sshd] Ban 83.19.99.65
2019-06-08 04:52:36,927 fail2ban.actions        [660]: NOTICE  [sshd] Unban 83.19.99.65
2019-06-08 05:10:23,106 fail2ban.filter         [660]: INFO    [sshd] Found 80.232.248.65
2019-06-08 05:10:23,135 fail2ban.filter         [660]: INFO    [sshd] Found 80.232.248.65
2019-06-08 05:10:25,440 fail2ban.filter         [660]: INFO    [sshd] Found 80.232.248.65
2019-06-08 05:10:25,898 fail2ban.actions        [660]: NOTICE  [sshd] Ban 80.232.248.65
2019-06-08 05:20:26,516 fail2ban.actions        [660]: NOTICE  [sshd] Unban 80.232.248.65
2019-06-08 05:39:51,021 fail2ban.filter         [660]: INFO    [sshd] Found 123.143.203.194
2019-06-08 05:39:51,047 fail2ban.filter         [660]: INFO    [sshd] Found 123.143.203.194
2019-06-08 05:39:53,027 fail2ban.filter         [660]: INFO    [sshd] Found 123.143.203.194
2019-06-08 05:39:53,958 fail2ban.actions        [660]: NOTICE  [sshd] Ban 123.143.203.194
2019-06-08 05:49:53,988 fail2ban.actions        [660]: NOTICE  [sshd] Unban 123.143.203.194
2019-06-09 17:00:23,886 fail2ban.server         [694]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
2019-06-09 17:00:23,906 fail2ban.database       [694]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-06-09 17:00:23,923 fail2ban.jail           [694]: INFO    Creating new jail 'sshd'
Juste en lisant comme ça j’aurais dit le bantime =600 non?

Dans ton fichier plus haut le bantime est en commentaire et tu as un bandtime. Faute de frappe?

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 09 juin 2019, 19:22

Bonjour Poumi, j'ai édité mon post qui devrait être plus clair.

Merci pour ton intérêt.
Je ne doute pas que cela pourra servir à d'autres Jeedomien pour sécuriser leur accès externe.

From mon lieu de vacances enfin relié au monde extérieur. :D :D
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

madcow
Timide
Messages : 294
Inscription : 06 févr. 2019, 21:41

Re: Tentative d'intrusion

Message par madcow » 09 juin 2019, 20:20

Patdec a écrit :Bonjour Poumi, j'ai édité mon post qui devrait être plus clair.

Merci pour ton intérêt.
Je ne doute pas que cela pourra servir à d'autres Jeedomien pour sécuriser leur accès externe.

From mon lieu de vacances enfin relié au monde extérieur. :D :D
Bonjour,

J'ai pas compris si tu avais appliqué le conseil de Poumi.
Car en effet il faut enlever le "#" devant "# bantime = 600". Et le régler car cela va faire juste 10 min. Et enlever le "bantime =-1".
Il n'y a à rien d'autre à modifier normalement.



DIY Proxmox sur HP Proliant
Débutant sur Jeedom

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 09 juin 2019, 21:26

madcow a écrit :
09 juin 2019, 20:20
Bonjour,

J'ai pas compris si tu avais appliqué le conseil de Poumi.
Car en effet il faut enlever le "#" devant "# bantime = 600". Et le régler car cela va faire juste 10 min. Et enlever le "bantime =-1".
Il n'y a à rien d'autre à modifier normalement.
Bonjour Madcow,

Je crois que tu n'as pas été voir le site que je renseignais plus haut.
Je remet le lien ici
https://arno0x0x.wordpress.com/2015/12/ ... tent-bans/
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

madcow
Timide
Messages : 294
Inscription : 06 févr. 2019, 21:41

Re: Tentative d'intrusion

Message par madcow » 09 juin 2019, 21:37

Patdec a écrit :
madcow a écrit :
09 juin 2019, 20:20
Bonjour,

J'ai pas compris si tu avais appliqué le conseil de Poumi.
Car en effet il faut enlever le "#" devant "# bantime = 600". Et le régler car cela va faire juste 10 min. Et enlever le "bantime =-1".
Il n'y a à rien d'autre à modifier normalement.
Bonjour Madcow,

Je crois que tu n'as pas été voir le site que je renseignais plus haut.
Je remet le lien ici
https://arno0x0x.wordpress.com/2015/12/ ... tent-bans/
En effet
Article très intéressant. Cela dépasse mes compétences cependant j'ai peu de te donner des conseils incorrects.

De mon point de vue pas besoin d'avoir un ban persistant après reboot. C'est rare que ce soit les mêmes ips qui reviennent.
DIY Proxmox sur HP Proliant
Débutant sur Jeedom

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 09 juin 2019, 21:46

En résumé, le fichier jail.conf original est inchangé avec son réglage par défaut bandtime = 600 sec
Les fichiers jail.local et defaults-debian.conf ont le paramètre bandtime réglés à 86400 sec ( 24h )

Normalement le jail.local étant lu après le jail.conf devrait prendre la main sur ce dernier.
Et c'est pas le cas.
A nous tous, on arrivera à mettre ça au clair et peut être faire ensuite un tuto de sécurisation.
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

Avatar de l’utilisateur
Poumi
Actif
Messages : 660
Inscription : 21 mars 2019, 22:41

Re: Tentative d'intrusion

Message par Poumi » 09 juin 2019, 21:49

Tu as corrigé la faute de frappe que je t’ai signalé plus haut sur le bantime dans ton fichier de config?

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 09 juin 2019, 22:03

Poumi a écrit :
09 juin 2019, 21:49
Tu as corrigé la faute de frappe que je t’ai signalé plus haut sur le bantime dans ton fichier de config?
Ben non, même réponse faite à Madcow, voir ce lien https://arno0x0x.wordpress.com/2015/12/ ... tent-bans/

Si tu regardes mon post du 5 juin 22h07, le bandtime n'a pas de comment et est réglé sur 86400 pour être identique au bandtime du fichier defaults-debian.conf.
J'ai toujours compris que le comment # devant un paramètre le ramène à un explicatif texte à l'intention du lecteur et n'est pas pris en compte.
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

Avatar de l’utilisateur
Poumi
Actif
Messages : 660
Inscription : 21 mars 2019, 22:41

Re: Tentative d'intrusion

Message par Poumi » 09 juin 2019, 22:05

Ce que je disais:

Le paramètre par défaut mis en commentaire:
bantime=600

Celui que tu a mis à la place:
bandtime=86400

Le d est en trop non?

Avatar de l’utilisateur
Patdec
Actif
Messages : 771
Inscription : 21 janv. 2015, 15:49
Localisation : Tournai

Re: Tentative d'intrusion

Message par Patdec » 09 juin 2019, 22:11

Poumi a écrit :
09 juin 2019, 22:05
Ce que je disais:

Le paramètre par défaut mis en commentaire:
bantime=600

Celui que tu a mis à la place:
bandtime=86400

Le d est en trop non?
T'es merveilleux de perspicacité Poumi, je confirme, t'as de bons yeux tu sais :lol:

Je corrige immédiatement. Cela devrait dès lors fonctionner.

MERCI.
Je ferais plus gaffe à l'avenir.
Débutant Jeedom.
VirtualBox 6.0.10 sur Tablette I Works 12 sous Win 10 - Debian 9.9
Jeedom 3.3.36 - Contrôleur Aeotec ZW 090 C
Modules Fibaro FGR-222

Répondre

Revenir vers « Discussions Générales »

Qui est en ligne ?

Utilisateurs parcourant ce forum : d0d0, Dapolux, jlescure et 12 invités