Changes

From SME Server
Jump to navigationJump to search
2,201 bytes added ,  06:30, 20 September 2014
Moved here from main how-to page
{{Note box|Please do not edit the main how-to directly if you want to provide feedback or experiences. The blog style writing is not consistent with the 'documentation' style of the main how-to. The owner of th page or someone for the doc team can format your information once invalided.}}


'''With many thanks to the author for his work''' templating the install of Fail2Ban into SME8/9 here are some notes for introduction:

* F2B adds to SMEserver's own high security after SME has already reported forbidden access, file not found or a relaying denied error. F2B filters read appropriate logs and associated jails implement timed bans (by dropping all packets arriving from the culprit IP). Another F2B action sends a notifying email.

* Restarting the contrib clears existing bans but a suitable 'findtime' results in a reban. Be aware that the restart delay can be unexpectedly lengthy, I've noticed a variation of between a few seconds to one that extended to nearly 40 minutes! YMMV

* The 'out of the box' install's given filters are *already* completely capable of detecting most problems without any user templating being necessary.

* Parameters are passed using db commands. On my SME8.1 and with only www & email expectations (no SSH) I used:

db configuration setprop qpsmtpd Fail2Ban enabled

db configuration setprop httpd-e-smith Fail2Ban enabled

config setprop fail2ban MailRecipient root

config setprop fail2ban FindTime 1200

config setprop fail2ban BanTime 604800

config setprop fail2ban MaxRetry 1

signal-event fail2ban-conf

* don't use MaxTry=0 (apparently it is a special Perl value)

* required www triggers need to have appeared in /var/log/httpd/error_log

* required email triggers need to have appeared in /var/log/*qpsmtpd/current

I broke the master template by making the internal multipliers ($MaxRetry/$max) equivalent to unity. <br />
The expanded jail.conf then showed only my own db command value for MaxRetry=1: <br />
see /etc/e-smith/templates/ect/fail2ban/jail.conf/*

On installation and eventual configuration I have observed automatic immediate bans <br />
for all 'relaying denied' email and iterations of semalt referer spam within 'findtime':-)

Navigation menu