start:howto:fail2ban
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
start:howto:fail2ban [2015/09/28 15:40] mrpink [nginx-http-auth.conf] |
start:howto:fail2ban [2016/09/17 15:11] flames |
||
|---|---|---|---|
| Line 10: | Line 10: | ||
| First we need to install fail2ban via aptitude | First we need to install fail2ban via aptitude | ||
| - | <konsole root> | + | |
| - | # aptitude update | + | # aptitude update && aptitude install fail2ban |
| - | # aptitude install fail2ban | + | |
| - | </konsole> | + | |
| ===== Configuration ===== | ===== Configuration ===== | ||
| Line 184: | Line 182: | ||
| filter = proftpd | filter = proftpd | ||
| logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
| + | maxretry = 6 | ||
| + | |||
| + | |||
| + | [vsftpd] | ||
| + | |||
| + | enabled = true | ||
| + | port = ftp,ftp-data,ftps,ftps-data | ||
| + | filter = vsftpd-custom | ||
| + | logpath = /var/log/vsftpd.log | ||
| maxretry = 6 | maxretry = 6 | ||
| Line 308: | Line 315: | ||
| ---- | ---- | ||
| - | Now restart fail2ban and test if all is working: | + | Restart fail2ban and test if all is working: |
| - | <konsole root> | ||
| # service fail2ban restart | # service fail2ban restart | ||
| - | </konsole> | + | |
| + | |||
| + | ===== vsftpd ===== | ||
| + | |||
| + | Now create a new file **/etc/fail2ban/filter.d/vsftpd-fixed.conf** and copy the following content into the file: | ||
| + | |||
| + | <code> | ||
| + | # Fail2Ban filter for vsftp | ||
| + | # | ||
| + | # Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch | ||
| + | # /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the | ||
| + | # incoming ip address rather than domain names. | ||
| + | |||
| + | [INCLUDES] | ||
| + | |||
| + | before = common.conf | ||
| + | |||
| + | [Definition] | ||
| + | |||
| + | __pam_re=\(?pam_unix(?:\(\S+\))?\)?:? | ||
| + | _daemon = vsftpd | ||
| + | |||
| + | failregex = ^%(__prefix_line)s%(__pam_re)s\s+Permission denied; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ | ||
| + | ^ \[pid \d+\] \[.+\]\s+FTP response: Client "::ffff:<HOST>",\s*"530 Permission denied\."\s*$ | ||
| + | |||
| + | ignoreregex = | ||
| + | |||
| + | # Version from fail2ban wiki does't work, fixed version | ||
| + | </code> | ||
| + | |||
| + | ---- | ||
| + | |||
| + | Restart fail2ban and test if all is working: | ||
| + | |||
| + | |||
| + | # service fail2ban restart | ||
| ===== Test & Debug ===== | ===== Test & Debug ===== | ||
| Line 318: | Line 361: | ||
| To test your current config use fail2ban-regex. Here an example for dovecot: | To test your current config use fail2ban-regex. Here an example for dovecot: | ||
| - | <konsole root> | ||
| # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/dovecot.conf | # fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/dovecot.conf | ||
| - | </konsole> | ||
| ===== Links ===== | ===== Links ===== | ||
| Fail2ban offical website --> [[http://www.fail2ban.org]] | Fail2ban offical website --> [[http://www.fail2ban.org]] | ||
/var/www/virtual/i-mscp.net/wiki/htdocs/data/pages/start/howto/fail2ban.txt · Last modified: 2016/09/17 15:12 by flames
