|
|
Line 1: |
Line 1: |
− | {{Note box|Please do not edit the main how-to directly if you want to provide feedback or experiences. The blog style (first person) writing is not consistent with the 'documentation' style of the main how-to. The owner of the page or someone from the doc team can format your information if it's invalided.}}
| + | Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in the wiki. |
− | | |
− | | |
− | '''With many thanks to the author for his work''' templating the install of Fail2Ban into SME8/9 here are some notes for introduction:
| |
− | | |
− | * F2B adds to SMEserver's own high security after SME has already reported forbidden access, file not found or a relaying denied error. F2B filters read appropriate logs and associated jails implement timed bans (by dropping all packets arriving from the culprit IP). Another F2B action sends a notifying email.
| |
− | | |
− | * Restarting the contrib clears existing bans but a suitable 'findtime' results in a reban. Be aware that the restart delay can be unexpectedly lengthy, I've noticed a variation of between a few seconds to one that extended to nearly 40 minutes! YMMV
| |
− | | |
− | * The 'out of the box' install's given filters are *already* completely capable of detecting most problems without any user templating being necessary.
| |
− | | |
− | * Parameters are passed using db commands. On my SME8.1 and with only www & email expectations (no SSH) I used:
| |
− | | |
− | db configuration setprop qpsmtpd Fail2Ban enabled
| |
− | | |
− | db configuration setprop httpd-e-smith Fail2Ban enabled
| |
− | | |
− | config setprop fail2ban MailRecipient root
| |
− | | |
− | config setprop fail2ban FindTime 1200
| |
− | | |
− | config setprop fail2ban BanTime 604800
| |
− | | |
− | config setprop fail2ban MaxRetry 1
| |
− | | |
− | signal-event fail2ban-conf
| |
− | | |
− | * don't use MaxTry=0 (apparently it is a special Perl value)
| |
− | | |
− | * required www triggers need to have appeared in /var/log/httpd/error_log
| |
− | | |
− | * required email triggers need to have appeared in /var/log/*qpsmtpd/current
| |
− | | |
− | I broke the master template by making the internal multipliers ($MaxRetry/$max) equivalent to unity. <br />
| |
− | The expanded jail.conf then showed only my own db command value for MaxRetry=1: <br />
| |
− | see /etc/e-smith/templates/ect/fail2ban/jail.conf/*
| |
− | | |
− | On installation and eventual configuration I have observed automatic immediate bans <br />
| |
− | for all 'relaying denied' email and iterations of semalt referer spam within 'findtime':-)
| |