Changes

From SME Server
869 bytes removed ,  17:04, 5 April 2020
Line 5: Line 5:     
== Maintainer ==
 
== Maintainer ==
[[User:VIP-ire|Daniel B.]]<br/>
+
[[User:VIP-ire|Daniel B.]]<br />
 
[http://www.firewall-services.com Firewall Services]<br>
 
[http://www.firewall-services.com Firewall Services]<br>
 
mailto:daniel@firewall-services.com
 
mailto:daniel@firewall-services.com
   −
Please discuss, provide feedback and share epxeriences on the forums [http://forums.contribs.org/index.php/topic,51127.0.html '''here''']
+
Please discuss, provide feedback and share experiences on the forums [http://forums.contribs.org/index.php/topic,51127.0.html '''here''']
    
== Description ==
 
== Description ==
Line 20: Line 20:     
== Requirements ==
 
== Requirements ==
This contrib has been developped and tested on SME Server 8 and later. It probably won't work on SME 7.
+
This contrib has been developed and tested on SME Server 8 and later.
       
{{Note box|The SME feature [http://wiki.contribs.org/AutoBlock AutoBlock SSH] should be disabled to ensure that fail2ban controls SSH traffic and not the SME build-in firewall.}}
 
{{Note box|The SME feature [http://wiki.contribs.org/AutoBlock AutoBlock SSH] should be disabled to ensure that fail2ban controls SSH traffic and not the SME build-in firewall.}}
   −
== Installation sme8 and sme9 ==
+
==Koozali SME v9==
Configure Firewall-Services's repository:
+
{{#smeversion: smeserver-fail2ban}}
 
  −
db yum_repositories set fws repository \
  −
BaseURL http://repo.firewall-services.com/centos/\$releasever \
  −
EnableGroups no GPGCheck yes \
  −
Name "Firewall Services" \
  −
GPGKey http://repo.firewall-services.com/RPM-GPG-KEY \
  −
Visible yes status disabled
  −
 
      +
== Installation sme9 ==
 
Configure EPEL's repository:
 
Configure EPEL's repository:
For SME 8.x,
  −
  −
/sbin/e-smith/db yum_repositories set epel repository \
  −
Name 'Epel - EL5' \
  −
BaseUrl 'http://download.fedoraproject.org/pub/epel/5/$basearch' \
  −
MirrorList 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' \
  −
EnableGroups no \
  −
GPGCheck yes \
  −
GPGKey http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL \
  −
Visible no \
  −
status disabled
      
<onlyinclude>{{#ifeq:{{{transcludesection|epel9}}}|epel9|
 
<onlyinclude>{{#ifeq:{{{transcludesection|epel9}}}|epel9|
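Review bot: the Requirements line still reads "developed and tested on SME Server 8 and later", but this hunk removes the "For SME 8.x" EPEL 5 repository block and renames the section to "Installation sme9", so an SME 8 reader is left with no install path. Either change the requirement to SME 9 or keep a short SME 8 subsection. The new "==Koozali SME v9==" heading also sits at the same level as "== Installation sme9 ==" directly below it, with only the smeversion template in between; making one of them a subsection would read better.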
Line 66: Line 48:  
*install the rpms
 
*install the rpms
   −
  yum --enablerepo=fws --enablerepo=epel install smeserver-fail2ban
+
  yum --enablerepo=smecontribs --enablerepo=epel install smeserver-fail2ban
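Review bot: the install line now uses --enablerepo=smecontribs, but nothing tells readers who followed the old instructions what to do with the fws repository entry they created with "db yum_repositories set fws". A one-line upgrade note next to this command, saying the package is now taken from smecontribs and the fws entry is no longer required for it, would avoid mixed-repository installs.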
      Line 95: Line 77:     
==DB command==
 
==DB command==
there is no panel yet you can manage the contrib by the db configuration, it is quite simple
+
While there is a panel in the server-manager, you can also manage the contrib by the db configuration, it is quite simple
    
  # config show fail2ban  
 
  # config show fail2ban  
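Review bot: the new sentence "you can also manage the contrib by the db configuration, it is quite simple" is a comma splice and ends without punctuation before the command. Suggest: "While there is a panel in the server-manager, you can also manage the contrib through the db configuration:".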
Line 364: Line 346:  
  for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')
 
  for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')
 
  do
 
  do
  fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'
+
  fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'|sed 'N;s/\n/:/'|cut -d: -f2,4
 
  done
 
  done
 
then do  
 
then do  
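Review bot: in the added pipeline, cut -d: -f2,4 splits on every colon, so any value in the banned list that itself contains a colon, such as an IPv6 address, is cut at its first colon and printed incomplete. The preceding sed 'N;s/\n/:/' also assumes grep returns exactly two lines per jail, in that order. Matching on the "Status for the jail:" and "Banned IP list:" labels with a single sed or awk expression, and printing everything after each label, would avoid both assumptions. $SERVI should also be quoted in the fail2ban-client call.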
Line 373: Line 355:  
output:
 
output:
 
  # sfail2ban
 
  # sfail2ban
  Status for the jail: ftp
+
  ftp:  
    `- Banned IP list:
+
  imap:  
  Status for the jail: http-auth
+
  pam-generic:
    `- Banned IP list:
+
  qpsmtpd:
  Status for the jail: http-badbots
+
  recidive: 141.98.80.15
    `- Banned IP list:
+
  ssh:
  Status for the jail: http-fakegooglebot
+
  ssh-ddos:
    `- Banned IP list:
+
wordpress:
Status for the jail: http-noscript
  −
    `- Banned IP list:
  −
Status for the jail: http-overflows
  −
    `- Banned IP list:
  −
  Status for the jail: http-scan
  −
    `- Banned IP list:
  −
Status for the jail: http-shellshock
  −
    `- Banned IP list:
  −
Status for the jail: imap
  −
    `- Banned IP list:
  −
Status for the jail: pam-generic
  −
    `- Banned IP list:
  −
  Status for the jail: qpsmtpd
  −
    `- Banned IP list:
  −
  Status for the jail: recidive
  −
    `- Banned IP list:
  −
  Status for the jail: ssh
  −
    `- Banned IP list:
  −
  Status for the jail: ssh-ddos
  −
    `- Banned IP list:
      
====Print a summary of the fail2ban db====
 
====Print a summary of the fail2ban db====
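Review bot: the new sample output line "recidive: 141.98.80.15" publishes what looks like a real public address taken from a live server. Example output on a documentation page is better shown with an address from a documentation range (192.0.2.0/24, 198.51.100.0/24 or 203.0.113.0/24). The added "wordpress:" line also appears without the leading indentation the other output lines have, which would drop it out of the preformatted block.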
Line 408: Line 370:  
Paste this
 
Paste this
 
  <nowiki>#!/bin/bash
 
  <nowiki>#!/bin/bash
echo -e \
+
      echo -e \
"IP            \t"\
+
      "IP            \t"\
"BanTime            \t"\
+
      "BanTime            \t"\
"UnbanTime          \t"\
+
      "UnbanTime          \t"\
"Jail"
+
      "Jail"
 
+
     
for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}');  
+
      for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}');  
  do
+
        do
    IP=$(db fail2ban getprop $ban Host)
+
          IP=$(db fail2ban getprop $ban Host)
    Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))
+
          Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))
    UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))
+
          UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))
    LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')  
+
          LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')  
 
+
     
    printf "%-15s" "$IP"
+
          printf "%-15s" "$IP"
    echo -e "\t$Bantime\t$UnBanTime\t$LastJail"
+
          echo -e "\t$Bantime\t$UnBanTime\t$LastJail"
  done
+
        done
</nowiki>
+
      </nowiki>
    
save, then make executable
 
save, then make executable
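Review bot: this hunk only re-indents the script, but the LastJail line it touches passes "Ban $IP" to zgrep as a regular expression, so the dots match any character and the pattern also matches longer addresses that start with the same digits (a ban for 1.2.3.4 matches a log line for 1.2.3.40). Since the line is being rewritten anyway, use fixed-string, whole-word matching (zgrep -F -w). Note too that if find returns no files, zgrep is left with no file arguments and waits on standard input; guarding the call against an empty file list would prevent the script from hanging.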
Line 433: Line 395:  
Output:
 
Output:
 
  <nowiki>IP            BanTime            UnbanTime          Jail
 
  <nowiki>IP            BanTime            UnbanTime          Jail
46.246.39.228  2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan]
+
      46.246.39.228  2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan]
124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan]
+
      124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan]
212.237.54.93  2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan]
+
      212.237.54.93  2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan]
</nowiki>
+
      </nowiki>
    +
===WordPress===
 +
Fail2Ban works with WordPress but needs some extra configuration. Please review the WordPress page, https://wiki.contribs.org/Wordpress#Fail2Ban
    
== Bugs ==
 
== Bugs ==
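Review bot: the added WordPress paragraph links to the wiki's own page with a bare external URL (https://wiki.contribs.org/Wordpress#Fail2Ban). An internal link, [[Wordpress#Fail2Ban]], keeps working if the site's host name or scheme changes and matches how the rest of the page links to wiki articles. The re-indented sample output in the same hunk still shows public addresses from a live log; documentation-range addresses would be preferable there as well.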
Line 444: Line 408:     
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component=smeserver-fail2ban|noresultsmessage=No open bugs found.}}  
 
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component=smeserver-fail2ban|noresultsmessage=No open bugs found.}}  
 +
 +
===Changelog===
 +
Only released version in smecontrib are listed here.
 +
 +
{{#smechangelog: smeserver-fail2ban}}
 +
----
    
[[Category: Contrib]]
 
[[Category: Contrib]]
 
[[Category: Security]]
 
[[Category: Security]]
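Review bot: the added Changelog sentence "Only released version in smecontrib are listed here." has a number disagreement, and the repository is called smecontribs in the install command elsewhere in this change. Suggest: "Only versions released in smecontribs are listed here."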