Installation of Fail2Ban?

Hi , how about FAIL2BAN in NethServer ? How to install it on NethServer? Should we enable EPEL , or install from rpm ? Have U a plan to make Fail2ban module ?


You have to enable EPEL

@stephdl and @filippo_carletti might be attracted in this :slight_smile:

yes that will be a nice contrib, who wants to shoot first :slight_smile:

i have installed fail2ban,try to implement
so U have to add this line to sshd.conf in filter.d
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked(?P=__prefix)(?:error: )?Received disconnect from : 11: .+ [preauth]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? [preauth](?P=__prefix)(?:error: )?Connection closed by [preauth]$
^(?P<__prefix>%(__prefix_line)s)Connection from port \d+(?: on \S+ port \d+)?(?P=__prefix)Disconnecting: Too many authentication failures for .+? [preauth]$
^%(__prefix_line)spam_unix(sshd:auth):\s+authentication failure;\slogname=\S\suid=\d\seuid=\d\stty=\S\sruser=\S\srhost=\s.$

Please try the code button to markup correctly your post.

If someone can provide his jail.conf, that could be a good start for a new module…when you look in it you need to write the path and the name to the logfile…surely it is the huge part of work :smile:

At the minute I have not too much time to play, but the code of templates is the easier part.

where is it ?

U’d better use jail.local :slight_smile: I use only SSH,NTOP, WEB admin, Asterisk, Fail2ban . So I have made only SSH jail, for other jails i need to see LOG format

Maybe @AbsyntH could lend a hand here, am I right? :smile:

Is there anyone who’d like to go ahead with this topic? It might be pretty interesting

i could , but have no time with new job

@Nas I’d like to bump this topic, do you have move forward with your tests?

1 Like

@alefattorini I have already implement Fail2Ban to my production.

And you haven’t share such result with us yet?? Are you crazy? :smiley:


Please do share. This needs to be implemented as a standard part of the IPS package.