Hi , how about FAIL2BAN in NethServer ? How to install it on NethServer? Should we enable EPEL , or install from rpm ? Have U a plan to make Fail2ban module ?
You have to enable EPEL
@stephdl and @filippo_carletti might be attracted in this
yes that will be a nice contrib, who wants to shoot first
i have installed fail2ban,try to implement
so U have to add this line to sshd.conf in filter.d
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked(?P=__prefix)(?:error: )?Received disconnect from : 11: .+ [preauth]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? [preauth](?P=__prefix)(?:error: )?Connection closed by [preauth]$
^(?P<__prefix>%(__prefix_line)s)Connection from port \d+(?: on \S+ port \d+)?(?P=__prefix)Disconnecting: Too many authentication failures for .+? [preauth]$
^%(__prefix_line)spam_unix(sshd:auth):\s+authentication failure;\slogname=\S\suid=\d\seuid=\d\stty=\S\sruser=\S\srhost=\s.$
Please try the code button to markup correctly your post.
If someone can provide his jail.conf, that could be a good start for a new module…when you look in it you need to write the path and the name to the logfile…surely it is the huge part of work
At the minute I have not too much time to play, but the code of templates is the easier part.
where is it ?
U’d better use jail.local I use only SSH,NTOP, WEB admin, Asterisk, Fail2ban . So I have made only SSH jail, for other jails i need to see LOG format
Maybe @AbsyntH could lend a hand here, am I right?
Is there anyone who’d like to go ahead with this topic? It might be pretty interesting
@Nas I’d like to bump this topic, do you have move forward with your tests?
@alefattorini I have already implement Fail2Ban to my production.
And you haven’t share such result with us yet?? Are you crazy?
Please do share. This needs to be implemented as a standard part of the IPS package.