Fail2ban: Difference between revisions
mNo edit summary |
|||
| Line 8: | Line 8: | ||
(settings in this file takes precedence over identical settings of jail.conf. Use jail.conf as a template, copying and enabling into jail.local what you are interested in. | (settings in this file takes precedence over identical settings of jail.conf. Use jail.conf as a template, copying and enabling into jail.local what you are interested in. | ||
Note that jail.conf could be overwritten by fail2ban package updates, jail.local will not) | Note that jail.conf could be overwritten by fail2ban package updates, jail.local will not) | ||
The following configuration works, unchanged, for Proxmox 3.x and 4.x (tested with 4.1) | |||
Add the following string to the end of this file /etc/fail2ban/jail.local : | Add the following string to the end of this file /etc/fail2ban/jail.local : | ||
<pre> | <pre> | ||
[ | [proxmox] | ||
enabled = true | enabled = true | ||
port = https,http,8006 | port = https,http,8006 | ||
filter = | filter = proxmox | ||
logpath = /var/log/daemon.log | logpath = /var/log/daemon.log | ||
maxretry = 3 | maxretry = 3 | ||
| Line 21: | Line 23: | ||
</pre> | </pre> | ||
Create the file /etc/fail2ban/filter.d/ | Create the file /etc/fail2ban/filter.d/proxmox.conf : | ||
<pre> | <pre> | ||
| Line 29: | Line 31: | ||
</pre> | </pre> | ||
You can test your configuration with the command : | You can test your configuration trying to GUI login with a wrong password or user, and then issue the command : | ||
<pre> | <pre> | ||
fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/ | fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf | ||
</pre> | </pre> | ||
You should have *at least* a "Failregex: 1 total" at the top of the "Results" section (and "1 matched" at the bottom) | |||
Restart fail2ban: | Restart fail2ban: | ||
Revision as of 11:05, 28 February 2016
Note: article taken straight from this forum post
Protecting the web interface with fail2ban
aptitude install fail2ban
Create, if does not exist, the file jail.local (settings in this file takes precedence over identical settings of jail.conf. Use jail.conf as a template, copying and enabling into jail.local what you are interested in. Note that jail.conf could be overwritten by fail2ban package updates, jail.local will not)
The following configuration works, unchanged, for Proxmox 3.x and 4.x (tested with 4.1)
Add the following string to the end of this file /etc/fail2ban/jail.local :
[proxmox] enabled = true port = https,http,8006 filter = proxmox logpath = /var/log/daemon.log maxretry = 3 bantime = 3600 # 1 hour
Create the file /etc/fail2ban/filter.d/proxmox.conf :
[Definition] failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.* ignoreregex =
You can test your configuration trying to GUI login with a wrong password or user, and then issue the command :
fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf
You should have *at least* a "Failregex: 1 total" at the top of the "Results" section (and "1 matched" at the bottom)
Restart fail2ban:
/etc/init.d/fail2ban restart