Fail2ban: Difference between revisions
m (move comment to own line) |
No edit summary |
||
| Line 1: | Line 1: | ||
== Protecting the web interface with fail2ban == | == Protecting the web interface with fail2ban == | ||
<pre> | <pre>apt-get install fail2ban</pre> | ||
Create, if does not exist, the file jail.local | Create, if does not exist, the file jail.local | ||
| Line 9: | Line 7: | ||
Note that jail.conf could be overwritten by fail2ban package updates, jail.local will not) | Note that jail.conf could be overwritten by fail2ban package updates, jail.local will not) | ||
The following configuration works, unchanged, for Proxmox 3.x and 4.x ( | The following configuration works, unchanged, for Proxmox 3.x and 4.x (last test with 4.3) | ||
Add the following string to the end of this file /etc/fail2ban/jail.local : | Add the following string to the end of this file /etc/fail2ban/jail.local : | ||
| Line 43: | Line 41: | ||
<pre> | <pre> | ||
systemctl restart fail2ban | |||
</pre> | </pre> | ||
== Links == | == Links == | ||
* [http://www.fail2ban.org/wiki/index.php/Main_Page] | |||
* [http://extremeshok.com/blog/?page_id=810 Proxmox VE 2.1 - Harden Network] | * [http://extremeshok.com/blog/?page_id=810 Proxmox VE 2.1 - Harden Network] | ||
* [http://forum.proxmox.com/threads/3583-How-To-implement-Fail2Ban-on-Host Forum Post] | * [http://forum.proxmox.com/threads/3583-How-To-implement-Fail2Ban-on-Host Forum Post] | ||
* [http://forum.proxmox.com/threads/16156-Fail2ban-for-Proxmox-3-1 Forum Post for 3.1] | * [http://forum.proxmox.com/threads/16156-Fail2ban-for-Proxmox-3-1 Forum Post for 3.1] | ||
[[Category: HOWTO]] | [[Category: HOWTO]] [[Category: Technology]] | ||
Revision as of 10:56, 25 October 2016
Protecting the web interface with fail2ban
apt-get install fail2ban
Create, if does not exist, the file jail.local (settings in this file takes precedence over identical settings of jail.conf. Use jail.conf as a template, copying and enabling into jail.local what you are interested in. Note that jail.conf could be overwritten by fail2ban package updates, jail.local will not)
The following configuration works, unchanged, for Proxmox 3.x and 4.x (last test with 4.3)
Add the following string to the end of this file /etc/fail2ban/jail.local :
[proxmox] enabled = true port = https,http,8006 filter = proxmox logpath = /var/log/daemon.log maxretry = 3 # 1 hour bantime = 3600
Create the file /etc/fail2ban/filter.d/proxmox.conf :
[Definition] failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.* ignoreregex =
You can test your configuration trying to GUI login with a wrong password or user, and then issue the command :
fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf
You should have *at least* a "Failregex: 1 total" at the top of the "Results" section (and "1 matched" at the bottom)
Restart fail2ban:
systemctl restart fail2ban