Line 5: |
Line 5: |
| | | |
| == Maintainer == | | == Maintainer == |
− | [[User:VIP-ire|Daniel B.]]<br/> | + | [[User:VIP-ire|Daniel B.]]<br /> |
| [http://www.firewall-services.com Firewall Services]<br> | | [http://www.firewall-services.com Firewall Services]<br> |
| mailto:daniel@firewall-services.com | | mailto:daniel@firewall-services.com |
| | | |
− | Please discuss, provide feedback and share epxeriences on the forums [http://forums.contribs.org/index.php/topic,51127.0.html '''here'''] | + | Please discuss, provide feedback and share experiences on the forums [http://forums.contribs.org/index.php/topic,51127.0.html '''here'''] |
| | | |
| == Description == | | == Description == |
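Review bot: the line break markup in the Maintainer block is now inconsistent: the Daniel B. line moves to `<br />` while the Firewall Services line directly below still ends in `<br>`. Pick one form for both lines. The spelling fix to "experiences" is fine as is.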
Line 20: |
Line 20: |
| | | |
| == Requirements == | | == Requirements == |
− | This contrib has been developped and tested on SME Server 8 and later. It probably won't work on SME 7. | + | This contrib has been developed and tested on SME Server 8 and later. |
| | | |
| | | |
| {{Note box|The SME feature [http://wiki.contribs.org/AutoBlock AutoBlock SSH] should be disabled to ensure that fail2ban controls SSH traffic and not the SME build-in firewall.}} | | {{Note box|The SME feature [http://wiki.contribs.org/AutoBlock AutoBlock SSH] should be disabled to ensure that fail2ban controls SSH traffic and not the SME build-in firewall.}} |
| | | |
− | == Installation sme8 and sme9 == | + | ==Koozali SME v9== |
− | Configure Firewall-Services's repository:
| + | {{#smeversion: smeserver-fail2ban}} |
− | | |
− | db yum_repositories set fws repository \
| |
− | BaseURL http://repo.firewall-services.com/centos/\$releasever \
| |
− | EnableGroups no GPGCheck yes \
| |
− | Name "Firewall Services" \
| |
− | GPGKey http://repo.firewall-services.com/RPM-GPG-KEY \
| |
− | Visible yes status disabled
| |
− | | |
| | | |
| + | == Installation sme9 == |
| Configure EPEL's repository: | | Configure EPEL's repository: |
− | For SME 8.x,
| |
− |
| |
− | /sbin/e-smith/db yum_repositories set epel repository \
| |
− | Name 'Epel - EL5' \
| |
− | BaseUrl 'http://download.fedoraproject.org/pub/epel/5/$basearch' \
| |
− | MirrorList 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' \
| |
− | EnableGroups no \
| |
− | GPGCheck yes \
| |
− | GPGKey http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL \
| |
− | Visible no \
| |
− | status disabled
| |
| | | |
| <onlyinclude>{{#ifeq:{{{transcludesection|epel9}}}|epel9| | | <onlyinclude>{{#ifeq:{{{transcludesection|epel9}}}|epel9| |
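Review bot: the Requirements sentence still says "SME Server 8 and later", yet the section is retitled "Installation sme9" and the "For SME 8.x" EPEL repository block is deleted, so an SME 8 reader is told the contrib is supported but has no repository setup to follow. Either change the requirement to SME 9 or keep an SME 8 path. The new heading `==Koozali SME v9==` also drops the spaces used by `== Requirements ==` and the other level-2 headings.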
Line 66: |
Line 48: |
| *install the rpms | | *install the rpms |
| | | |
− | yum --enablerepo=fws --enablerepo=epel install smeserver-fail2ban | + | yum --enablerepo=smecontribs --enablerepo=epel install smeserver-fail2ban |
| | | |
| | | |
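Review bot: systems set up from the earlier revision still carry the `fws` entry created with `db yum_repositories set fws ...`, and with `--enablerepo=fws` gone from this command the page no longer says whether that entry should be kept or deleted. A one-line note for upgraders would close the gap.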
Line 95: |
Line 77: |
| | | |
| ==DB command== | | ==DB command== |
− | there is no panel yet you can manage the contrib by the db configuration, it is quite simple | + | While there is a panel in the server-manager, you can also manage the contrib by the db configuration, it is quite simple |
| | | |
| # config show fail2ban | | # config show fail2ban |
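Review bot: the rewritten sentence under "DB command" is a comma splice ("..., it is quite simple"). Split it, for example: "While there is a panel in the server-manager, you can also manage the contrib through the db configuration. It is quite simple."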
Line 364: |
Line 346: |
| for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//') | | for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//') |
| do | | do |
− | fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail' | + | fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'|sed 'N;s/\n/:/'|cut -d: -f2,4 |
| done | | done |
| then do | | then do |
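Review bot: `cut -d: -f2,4` in the new pipeline keeps exactly one colon-separated field after "Banned IP list", so any banned address that itself contains colons (an IPv6 address) is truncated at its first colon. Using `-f2,4-` keeps the rest of the line. `$SERVI` should also be quoted in `fail2ban-client status "$SERVI"`.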
Line 373: |
Line 355: |
| output: | | output: |
| # sfail2ban | | # sfail2ban |
− | Status for the jail: ftp | + | ftp: |
− | `- Banned IP list:
| + | imap: |
− | Status for the jail: http-auth | + | pam-generic: |
− | `- Banned IP list:
| + | qpsmtpd: |
− | Status for the jail: http-badbots | + | recidive: 141.98.80.15 |
− | `- Banned IP list:
| + | ssh: |
− | Status for the jail: http-fakegooglebot | + | ssh-ddos: |
− | `- Banned IP list:
| + | wordpress: |
− | Status for the jail: http-noscript
| |
− | `- Banned IP list:
| |
− | Status for the jail: http-overflows
| |
− | `- Banned IP list:
| |
− | Status for the jail: http-scan | |
− | `- Banned IP list:
| |
− | Status for the jail: http-shellshock
| |
− | `- Banned IP list:
| |
− | Status for the jail: imap
| |
− | `- Banned IP list:
| |
− | Status for the jail: pam-generic
| |
− | `- Banned IP list:
| |
− | Status for the jail: qpsmtpd | |
− | `- Banned IP list:
| |
− | Status for the jail: recidive | |
− | `- Banned IP list:
| |
− | Status for the jail: ssh | |
− | `- Banned IP list:
| |
− | Status for the jail: ssh-ddos | |
− | `- Banned IP list:
| |
| | | |
| ====Print a summary of the fail2ban db==== | | ====Print a summary of the fail2ban db==== |
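Review bot: the new sample output at `recidive: 141.98.80.15` publishes what looks like a real public address. A documentation-range address such as 192.0.2.15 shows the format equally well. The sample also no longer lists any of the `http-*` jails from the previous output, so it is worth saying that the jail list depends on which services are enabled.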
Line 408: |
Line 370: |
| Paste this | | Paste this |
| <nowiki>#!/bin/bash | | <nowiki>#!/bin/bash |
− | echo -e \ | + | echo -e \ |
− | "IP \t"\ | + | "IP \t"\ |
− | "BanTime \t"\ | + | "BanTime \t"\ |
− | "UnbanTime \t"\ | + | "UnbanTime \t"\ |
− | "Jail" | + | "Jail" |
− | | + | |
− | for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}'); | + | for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}'); |
− | do
| + | do |
− | IP=$(db fail2ban getprop $ban Host)
| + | IP=$(db fail2ban getprop $ban Host) |
− | Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))
| + | Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp)) |
− | UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))
| + | UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp)) |
− | LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')
| + | LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}') |
− | | + | |
− | printf "%-15s" "$IP"
| + | printf "%-15s" "$IP" |
− | echo -e "\t$Bantime\t$UnBanTime\t$LastJail"
| + | echo -e "\t$Bantime\t$UnBanTime\t$LastJail" |
− | done
| + | done |
− | </nowiki> | + | </nowiki> |
| | | |
| save, then make executable | | save, then make executable |
Line 433: |
Line 395: |
| Output: | | Output: |
| <nowiki>IP BanTime UnbanTime Jail | | <nowiki>IP BanTime UnbanTime Jail |
− | 46.246.39.228 2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan] | + | 46.246.39.228 2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan] |
− | 124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan] | + | 124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan] |
− | 212.237.54.93 2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan] | + | 212.237.54.93 2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan] |
− | </nowiki> | + | </nowiki> |
| | | |
| + | ===WordPress=== |
| + | Fail2Ban works with WordPress but needs some extra configuration. Please review the WordPress page, https://wiki.contribs.org/Wordpress#Fail2Ban |
| | | |
| == Bugs == | | == Bugs == |
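Review bot: the new WordPress paragraph links to the same wiki with a bare URL. An internal link such as `[[Wordpress#Fail2Ban]]` would survive a host or scheme change and matches how the page links `[[User:VIP-ire|Daniel B.]]`. The sentence would also be more useful if it named what the extra configuration is for, since `wordpress` now appears as a jail in the sample output above.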
Line 444: |
Line 408: |
| | | |
| Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component=smeserver-fail2ban|noresultsmessage=No open bugs found.}} | | Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component=smeserver-fail2ban|noresultsmessage=No open bugs found.}} |
| + | |
| + | ===Changelog=== |
| + | Only released version in smecontrib are listed here. |
| + | |
| + | {{#smechangelog: smeserver-fail2ban}} |
| + | ---- |
| | | |
| [[Category: Contrib]] | | [[Category: Contrib]] |
| [[Category: Security]] | | [[Category: Security]] |
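Review bot: the added Changelog sentence "Only released version in smecontrib are listed here." has a number mismatch, and it names the repository differently from the install command, which uses `smecontribs`. Suggest "Only versions released in smecontribs are listed here."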