Hi, how about FAIL2BAN in NethServer? How to install it on NethServer? Should we enable EPEL, or install from rpm? Do you have a plan to make a Fail2ban module?
You have to enable EPEL.
Yes, that will be a nice contrib. Who wants to shoot first?
I have installed fail2ban and am trying to implement it.
So you have to add these lines to sshd.conf in filter.d:
^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
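An added example, not part of the original post and not fail2ban's own code: it checks the `pam_unix` rule against constructed sshd log lines and lists the hosts that reach a retry threshold. `PREFIX_LINE` and `HOST` are simplified stand-ins (assumptions) for fail2ban's `%(__prefix_line)s` and `<HOST>` expansions, and `hosts_to_ban` is a hypothetical helper.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions) for fail2ban's own placeholder expansions.
PREFIX_LINE = r"\w{3}\s+\d+ [\d:]{8} \S+ sshd(?:\[\d+\])?:\s+"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# pam_unix rule from the sshd filter, with the literal parentheses escaped.
PAM_UNIX = (
    r"^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;"
    r"\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$"
)
# The same rule after losing its backslashes in a paste without code markup.
PAM_UNIX_UNESCAPED = PAM_UNIX.replace(r"\(", "(").replace(r"\)", ")")


def compile_failregex(rule):
    """Expand the two placeholders and compile the rule as a Python regex."""
    expanded = rule.replace("%(__prefix_line)s", PREFIX_LINE)
    return re.compile(expanded.replace("<HOST>", HOST))


def hosts_to_ban(lines, rule, maxretry=3):
    """Return, sorted, every host with at least maxretry matching lines."""
    rx = compile_failregex(rule)
    hits = Counter(m.group("host") for m in map(rx.search, lines) if m)
    return sorted(h for h, n in hits.items() if n >= maxretry)


# Constructed sample log (documentation-range addresses, not real traffic).
_FAIL = ("pam_unix(sshd:auth): authentication failure; "
         "logname= uid=0 euid=0 tty=ssh ruser= rhost=%s  user=root")
SAMPLE_LOG = [
    "Mar 10 09:14:01 ns sshd[2101]: " + _FAIL % "203.0.113.7",
    "Mar 10 09:14:05 ns sshd[2103]: " + _FAIL % "203.0.113.7",
    "Mar 10 09:14:07 ns sshd[2104]: " + _FAIL % "198.51.100.23",
    "Mar 10 09:14:09 ns sshd[2105]: " + _FAIL % "203.0.113.7",
    "Mar 10 09:15:00 ns sshd[2110]: Accepted password for admin "
    "from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    print("escaped rule bans:  ", hosts_to_ban(SAMPLE_LOG, PAM_UNIX))
    print("unescaped rule bans:", hosts_to_ban(SAMPLE_LOG, PAM_UNIX_UNESCAPED))
```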
Please try the code button to mark up your post correctly.
If someone can provide his jail.conf, that could be a good start for a new module… When you look in it you need to write the path and the name of the logfile… Surely it is the huge part of the work.
At the minute I have not too much time to play, but the code of templates is the easier part.
Where is it?
You'd better use jail.local. I use only SSH, NTOP, web admin, Asterisk, Fail2ban. So I have made only an SSH jail; for other jails I need to see the log format.
Is there anyone who’d like to go ahead with this topic? It might be pretty interesting
And you haven’t shared such a result with us yet?? Are you crazy?
Please do share. This needs to be implemented as a standard part of the IPS package.