688
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
install fail2ban-subnets
==Proposed addition to "user contributions" section==
[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 04:43, 19 August 2017 (CEST)
Note: these procedures get the files installed and allow fail2ban and fail2ban-subnets to run without any errors, but I don't know if fail2ban is actually working after making these changes...
===Ban offending subnets===
[https://forums.contribs.org/index.php/topic,51127.msg276126.html#msg276126 Holck found a reference] to an add-on for fail2ban that bans subnets with repeated offences from multiple IPs.
"[https://github.com/XaF/fail2ban-subnets fail2ban-subnets] aims to provide a way to ban subnets of IPs repeatingly banned by fail2ban for multiple offenses."
====Prerequisites====
* [[Fail2ban#Installation_sme8_and_sme9]]
* Git
====Installation====
<nowiki>mkdir -p ~/addons
cd ~/addons
git clone https://github.com/XaF/fail2ban-subnets.git
# mkdir -p /etc/fail2ban/action.d.local /etc/fail2ban/filter.d.local
cp ~/addons/fail2ban-subnets/action.d.local/iptables-subnet.conf /etc/fail2ban/action.d/iptables-subnet.local
cp ~/addons/fail2ban-subnets/filter.d.local/subnets.conf /etc/fail2ban/filter.d/subnets.local
cat ~/addons/fail2ban-subnets/jail.local >> /etc/fail2ban/jail.local
service fail2ban restart
</nowiki>
====Test====
<nowiki>cd ~/addons/fail2ban-subnets
perl fail2ban-subnets.py
</nowiki>
====Activate hourly updates====
cp ~/addons/fail2ban-subnets/fail2ban-subnets.py /etc/cron.hourly
====Remove====
<nowiki># remove the custom action and filter
'rm' /etc/fail2ban/action.d/iptables-subnet.local
'rm' /etc/fail2ban/filter.d/subnets.local
#
# if you have other fail2ban custom jails you may need to edit /etc/fail2ban/jail.local
# otherwise, you can remove the entire file using
#
'rm' /etc/fail2ban/jail.local
#
# remove the hourly cron job
'rm' /etc/cron.hourly/fail2ban-subnets.py
#
# restart fail2ban
signal-event fail2ban-conf
service fail2ban restart
</nowiki>
==Proposed update for the checklist_ban script==
[[User:Mmccarn|Mmccarn]] ([[User talk:Mmccarn|talk]]) 14:54, 7 May 2017 (CEST)
<nowiki>#!/bin/bash
#lancer le script en sudo
echo -e "Jail failed / banned"
JAILS=$(fail2ban-client status | grep " Jail list:" | sed 's/`- Jail list://g' | sed 's/,//g')
for j in $JAILS
do
jail="$j "
failed=$(fail2ban-client status $j | grep " Currently failed:" | sed 's/[^0-9]*//')
banned=$(fail2ban-client status $j | grep " Currently banned:" | sed 's/[^0-9]*//')
echo -e "${jail:0:20} $failed / $banned"
done
</nowiki>
Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in the wiki.
Fine. Usually I'm told to put forum stuff into the wiki. Bound to happen the other way around. Have appended to the thread that 'tried' to point to the unwanted piece in the wiki.
----
----
@Piran: don't take comments personally to quickly. HFW just pointed out that to keep the wiki readable it needs some style (see: [[Help:Wiki_Manual_of_Style|Wiki Manual of Style]]). I've added the most important parts to the page, the rest i would keep as your personal notes.
@Piran: don't take comments personally to quickly. HFW just pointed out that to keep the wiki readable it needs some style (see: [[Help:Wiki_Manual_of_Style|Wiki Manual of Style]]). I've added the most important parts to the page, the rest i would keep as your personal notes.