Fail2ban: Difference between revisions
Jump to navigation
Jump to search
(→Links) |
No edit summary |
||
| Line 1: | Line 1: | ||
Note: article taken straight from [http://forum.proxmox.com/threads/16156-Fail2ban-for-Proxmox-3-1 this forum post] | |||
==Protecting the web interface with fail2ban== | |||
<pre>aptitude install fail2ban</pre> | |||
Add the following string to the end of this file /etc/fail2ban/jail.local : | |||
<pre> | |||
[proxmox3] | |||
enabled = true | |||
port = https,http,8006 | |||
filter = proxmox3 | |||
logpath = /var/log/daemon.log | |||
maxretry = 3 | |||
bantime = 3600 # 1 hour | |||
</pre> | |||
Create the file /etc/fail2ban/filter.d/proxmox3.conf : | |||
<pre> | |||
[Definition] | |||
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.* | |||
ignoreregex = | |||
</pre> | |||
You can test your configuration with the command : | |||
<pre> | |||
fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox3.conf | |||
</pre> | |||
Restart fail2ban: | |||
<pre> | |||
/etc/init.d/fail2ban restart | |||
</pre> | |||
=Links= | =Links= | ||
* [http://extremeshok.com/blog/?page_id=810 Proxmox VE 2.1 - Harden Network] | * [http://extremeshok.com/blog/?page_id=810 Proxmox VE 2.1 - Harden Network] | ||
* [http://forum.proxmox.com/threads/3583-How-To-implement-Fail2Ban-on-Host Forum Post] | * [http://forum.proxmox.com/threads/3583-How-To-implement-Fail2Ban-on-Host Forum Post] | ||
* [http://forum.proxmox.com/threads/16156-Fail2ban-for-Proxmox-3-1 Forum Post for 3.1] | |||
[[Category: HOWTO]] | [[Category: HOWTO]] | ||
Revision as of 12:31, 18 February 2014
Note: article taken straight from this forum post
Protecting the web interface with fail2ban
aptitude install fail2ban
Add the following string to the end of this file /etc/fail2ban/jail.local :
[proxmox3] enabled = true port = https,http,8006 filter = proxmox3 logpath = /var/log/daemon.log maxretry = 3 bantime = 3600 # 1 hour
Create the file /etc/fail2ban/filter.d/proxmox3.conf :
[Definition] failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.* ignoreregex =
You can test your configuration with the command :
fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox3.conf
Restart fail2ban:
/etc/init.d/fail2ban restart