Installation of Fail2Ban?


(Artem Fedai) #1

Hi , how about FAIL2BAN in NethServer ? How to install it on NethServer? Should we enable EPEL , or install from rpm ? Have U a plan to make Fail2ban module ?


(Michele Bortolotto) #2

You have to enable EPEL


(Alessio Fattorini) #3

@stephdl and @filippo_carletti might be attracted in this :slight_smile:


(Stéphane de Labrusse) #4

yes that will be a nice contrib, who wants to shoot first :slight_smile:


(Artem Fedai) #5

i have installed fail2ban,try to implement
so U have to add this line to sshd.conf in filter.d
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked(?P=__prefix)(?:error: )?Received disconnect from : 11: .+ [preauth]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? [preauth](?P=__prefix)(?:error: )?Connection closed by [preauth]$
^(?P<__prefix>%(__prefix_line)s)Connection from port \d+(?: on \S+ port \d+)?(?P=__prefix)Disconnecting: Too many authentication failures for .+? [preauth]$
^%(__prefix_line)spam_unix(sshd:auth):\s+authentication failure;\slogname=\S\suid=\d\seuid=\d\stty=\S\sruser=\S\srhost=\s.$


(Alessio Fattorini) #6

Please try the code button to markup correctly your post.


(Stéphane de Labrusse) #7

If someone can provide his jail.conf, that could be a good start for a new module…when you look in it you need to write the path and the name to the logfile…surely it is the huge part of work :smile:

At the minute I have not too much time to play, but the code of templates is the easier part.


(Artem Fedai) #8

where is it ?


(Artem Fedai) #9

U’d better use jail.local :slight_smile: I use only SSH,NTOP, WEB admin, Asterisk, Fail2ban . So I have made only SSH jail, for other jails i need to see LOG format


(Alessio Fattorini) #10

Maybe @AbsyntH could lend a hand here, am I right? :smile:


(Alessio Fattorini) #11

Is there anyone who’d like to go ahead with this topic? It might be pretty interesting


(Artem Fedai) #12

i could , but have no time with new job


Fail2ban in NethServer
(Alessio Fattorini) #13

@Nas I’d like to bump this topic, do you have move forward with your tests?


(Artem Fedai) #14

@alefattorini I have already implement Fail2Ban to my production.


(Alessio Fattorini) #15

And you haven’t share such result with us yet?? Are you crazy? :smiley:


(Adam) #16

Please do share. This needs to be implemented as a standard part of the IPS package.