Koozali.org: home of the SME Server

fail2ban, anybody?

OzMoosis
fail2ban, anybody?
« on: November 20, 2009, 03:02:16 PM »
Hi all,

Are there any SME users that have the latest Fail2ban version running?

(Fail2ban scans log files like /var/log/sshd/current or /var/log/ftp/current and bans IPs that have too many password failures. It updates firewall rules to reject the IP address. I guess it's similar to DenyHosts, but it can block more than just SSH.)

I have the services running, and the "SSH jail" is active, but it doesn't seem to be doing anything when I test it by logging in to SSH incorrectly.

Anyone with a how-to?

Thanks,

Marcel

Stefano
Re: fail2ban, anybody?
« Reply #1 on: November 20, 2009, 04:32:06 PM »
Please explain your problem, not the solution.

Instead of banning IPs, you could change the sshd port to an unused one (above 1024). No more noise in the logs.

cactus
Re: fail2ban, anybody?
« Reply #2 on: November 21, 2009, 09:49:34 AM »
Quote
Please explain your problem, not the solution.

Instead of banning IPs, you could change the sshd port to an unused one (above 1024). No more noise in the logs.

Or better even, configure your SSH to use public/private key pairs, which will prevent password-guessing hackers altogether as they never get a connection. For details see http://wiki.contribs.org/SSH_Public-Private_Keys

Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than it's worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

OzMoosis
Re: fail2ban, anybody?
« Reply #3 on: November 21, 2009, 11:17:04 AM »
Thanks for the advice, but I know about these security options for SSH and am using them at the moment.

The point is that Fail2ban can detect failed login attempts on other services, such as FTP and Apache. That's what I'm most interested in; I'm just testing with SSH to see if I can get Fail2ban to work.

So far, the fail2ban service is running, and during setup it edited the iptables configuration. It also sends mail to root about its status. However, I can't tell whether it's reading the logfiles and it doesn't seem to be adding any DROP rules to iptables as it should.

Marcel
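
The mechanism described in the post above (scan a log, count failures per IP, ban past a threshold), as an added sketch that is not from the thread and is not fail2ban's own code. The regex is a simplified stand-in for an sshd filter, the log lines are constructed, and `maxretry`/`findtime` only mirror fail2ban's option names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for an sshd failure filter; not fail2ban's shipped failregex.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
Nov 20 15:02:16 sme sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 20 15:02:19 sme sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 20 15:02:30 sme sshd[4130]: Accepted publickey for marcel from 198.51.100.4 port 50022 ssh2
Nov 20 15:02:41 sme sshd[4133]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Nov 20 15:03:05 sme sshd[4140]: Failed password for marcel from 198.51.100.4 port 50031 ssh2
Nov 20 15:40:00 sme sshd[4200]: Failed password for marcel from 198.51.100.4 port 50050 ssh2
Nov 20 16:20:00 sme sshd[4290]: Failed password for marcel from 198.51.100.4 port 50077 ssh2
"""

def scan(lines, maxretry=3, findtime=600):
    """Return (matched_line_count, hosts reaching maxretry failures within findtime seconds)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)        # host -> timestamps of its recent failures
    matched, banned = 0, []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue                   # non-matching lines contribute nothing
        matched += 1
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        hits = recent[m.group("host")]
        hits.append(ts)
        while ts - hits[0] > window:   # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return matched, banned

if __name__ == "__main__":
    matched, banned = scan(SAMPLE_LOG.splitlines())
    print(f"{matched} lines matched; would ban: {banned}")
```

A matched count of 0 on a log means the pattern does not fit that log's line format, so no ban can ever be triggered from it.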

Stefano
Re: fail2ban, anybody?
« Reply #4 on: November 21, 2009, 12:12:15 PM »
Quote
So far, the fail2ban service is running, and during setup it edited the iptables configuration. It also sends mail to root about its status. However, I can't tell whether it's reading the logfiles and it doesn't seem to be adding any DROP rules to iptables as it should.

I hope you're testing it on a test machine, not a production one.

SME's firewall rules are templatized and dynamically generated, so everything that changes iptables rules could break your server.