Changes

From SME Server
Jump to navigationJump to search

Fail2ban (view source)

Revision as of 21:23, 19 September 2014

1,911 bytes added ,  21:23, 19 September 2014
→‎default jail.conf
Line 275: Line 275:  
  action  = smeserver-iptables[bantime=604800]
 
  action  = smeserver-iptables[bantime=604800]
 
           smeserver-sendmail[name="Recidive",dest=root]
 
           smeserver-sendmail[name="Recidive",dest=root]
 +
 +
'''With many thanks to the author for his work''' templating the install of Fail2Ban into SME8/9 here are some notes for introduction:
 +
 +
* F2B adds to SMEserver's own high security after SME has already reported forbidden access, file not found or a relaying denied error. F2B filters read appropriate logs and associated jails implement timed bans (by dropping all packets arriving from the culprit IP). Another F2B action sends a notifying email.
 +
 +
* Restarting the contrib clears existing bans but a suitable 'findtime' results in a reban. Be aware that the restart delay can be unexpectedly lengthy, I've noticed a variation of between a few seconds to one that extended to nearly 40 minutes! YMMV
 +
 +
* The 'out of the box' install's given filters are *already* completely capable of detecting most problems without any user templating being necessary.
 +
 +
* Parameters are passed using db commands. On my SME8.1 and with only www & email expectations (no SSH) I used:
 +
 +
db configuration setprop qpsmtpd Fail2Ban enabled
 +
 +
db configuration setprop httpd-e-smith Fail2Ban enabled
 +
 +
config setprop fail2ban MailRecipient root
 +
 +
config setprop fail2ban FindTime 1200
 +
 +
config setprop fail2ban BanTime 604800
 +
 +
config setprop fail2ban MaxRetry 1
 +
 +
signal-event fail2ban-conf
 +
 +
* don't use MaxTry=0 (apparently it is a special Perl value)
 +
 +
* required www triggers need to have appeared in /var/log/httpd/error_log
 +
 +
* required email triggers need to have appeared in /var/log/*qpsmtpd/current
 +
 +
I broke the master template by making the internal multipliers ($MaxRetry/$max) equivalent to unity. <br />
 +
The expanded jail.conf then showed only my own db command value for MaxRetry=1: <br />
 +
see /etc/e-smith/templates/ect/fail2ban/jail.conf/*
 +
 +
On installation and eventual configuration I have observed automatic immediate bans <br />
 +
for all 'relaying denied' email and iterations of semalt referer spam within 'findtime':-)
    
=== Uninstall ===
 
=== Uninstall ===
Piran
6

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/25176"

Navigation menu