Koozali.org: home of the SME Server

[contrib] fail2ban

guest22

[contrib] fail2ban
« on: September 20, 2014, 07:35:32 AM »
This is the place to discuss, provide feedback and share experiences regarding the fail2ban contrib

http://wiki.contribs.org/Fail2ban

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: [contrib] fail2ban
« Reply #1 on: December 08, 2015, 01:03:31 PM »
interesting contrib, it detects all the failed auth on a server of mine, but since the server is configured as "server only", no action is taken by the script, because masq is disabled and so no iptables rules are in place..
in the documentation there's no indication that this contrib won't work in a server only setup, must be amended (or this is not the expected behaviour, will report in bugzilla too)

Offline stephdl

  • *
  • 1,519
  • +0/-0
    • Linux et Geekeries
Re: [contrib] fail2ban
« Reply #2 on: December 10, 2015, 10:25:21 AM »
looking to my server, also in 'server only' mode, I can see I have rules in iptables

[root@sme9 ~]# fail2ban-client status recidive
Status for the jail: recidive
|- Filter
|  |- Currently failed:   7
|  |- Total failed:   227
|  `- File list:   /var/log/fail2ban/daemon.log
`- Actions
   |- Currently banned:   1
   |- Total banned:   6
   `- Banned IP list:   211.23.156.152

[root@sme9 ~]# grep -srn '211.23.156.152' /etc/init.d/
/etc/init.d/masq:427:    /sbin/iptables --append $NEW_Fail2Ban -s 211.23.156.152 -j denylog

[root@sme9 ~]# iptables -L |grep 211.23.156.152
denylog    all  --  211-23-156-152.HINET-IP.hinet.net  anywhere


See http://wiki.contribs.org/Koozali_Foundation
irc : Freenode #sme_server #sme-fr

!!! Please write your knowledge to the Wiki !!!

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: [contrib] fail2ban
« Reply #3 on: December 10, 2015, 10:31:06 AM »
there was a problem on my server, i.e. masq was disabled.. once enabled, after a post-upgrade & reboot routine, everything is working now

I created a bug (9149) in BZ but it is closed now.. wiki's page has been updated to reflect what we discovered in the bug itself

Offline holck

  • ****
  • 317
  • +1/-0
Banning sub-nets
« Reply #4 on: August 18, 2017, 09:25:04 AM »
I'm very happy with this contrib, but think it would be even better if subnets could also be banned.

I found a script that - given an IP address - will find the subnet this address belongs to (if any):
https://github.com/fail2ban/fail2ban/issues/927 (see the comment from Toreit from June 12)

Toreit also suggest how this script can be used in fail2ban.

Will it be possible to do something similar for this contrib?
......

guest22

Re: [contrib] fail2ban
« Reply #5 on: August 18, 2017, 10:10:38 AM »
Excellent question/request. I hope Daniel will take a look at this and has the time to incorporate this into the contrib.