On Fri, May 8, 2015 at 3:11 PM, Johannes Weberhofer wrote:
Dear all!
Finally I have prepared the long-requested 0.9.x version for fail2ban. With
version 0.9 many things changed in fail2ban: It supports systemd logging and
improves configuration a lot.
It would be great if some of you could test the versions I have packaged in
http://download.opensuse.org/repositories/home:/weberho:/branches:/security/
and give some feedback. Please review all your configurations; I highly
recommend having a look at the changelog at
https://github.com/fail2ban/fail2ban/blob/master/ChangeLog
If there are no objections, I'd update the security: repository next week.
Best regards,
Johannes
--
Johannes Weberhofer
Weberhofer GmbH, Austria, Vienna
Johannes,
I thought I'd give fail2ban a try. I haven't used it much before so
I'm a novice.
First I used a very simple jail.local file and it seems to work:
==
[DEFAULT]
ignoreip = 127.0.0.1/8
destemail = Greg.Freemyer@gmail.com
[sshd]
enabled = true
[sshd-ddos]
enabled = true
==
But I wanted to add a permanent ban for repeat SSH offenders.
I found a blog post with a recipe:
http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban...
Following that 2-year-old recipe doesn't seem to work with v0.9.
Do you know of one that does?
fyi: Here's the 2-year old recipe from the blog post
Add this to jail.local
=================================
[ssh-repeater]
enabled = true
filter = sshd
action = iptables-repeater[name=ssh]
         sendmail-whois[name=SSH-repeater, dest=root, sender=root, sendername="Fail2Ban"]
logpath = /var/log/messages
maxretry = 21
findtime = 31536000
bantime = 31536000
==================================
Create a file /etc/fail2ban/action.d/iptables-repeater.conf with content:
===================================
# Fail2ban configuration file
#
# Author: Phil Hagen
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = iptables -N fail2ban-REPEAT-<name>
              iptables -A fail2ban-REPEAT-<name> -j RETURN
              iptables -I INPUT -j fail2ban-REPEAT-<name>
              # set up from the static file
              cat /etc/fail2ban/ip.blocklist.<name> |grep -v ^\s*#|awk '{print $1}' | while read IP; do iptables -I fail2ban-REPEAT-<name> 1 -s $IP -j DROP; done
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = iptables -D INPUT -j fail2ban-REPEAT-<name>
             iptables -F fail2ban-REPEAT-<name>
             iptables -X fail2ban-REPEAT-<name>
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L INPUT | grep -q fail2ban-REPEAT-<name>
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionban = iptables -I fail2ban-REPEAT-<name> 1 -s <ip> -j DROP
            # also put into the static file to re-populate after a restart
            ! grep -Fq <ip> /etc/fail2ban/ip.blocklist.<name> && echo "<ip> # fail2ban/$( date '+%%Y-%%m-%%d %%T' ): auto-add for repeat offender" >> /etc/fail2ban/ip.blocklist.<name>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionunban = /bin/true
[Init]
# Default name of the chain
#
name = REPEAT
=====================================
Thanks
Greg
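
The following is an added example, not part of the message above or of the blog recipe. It reads and appends to the recipe's `ip.blocklist.<name>` file with exact-match de-duplication and address validation. The function names `is_ipv4`, `blocklist_ips` and `blocklist_add` are hypothetical, and the example assumes IPv4 only, like the recipe's iptables rules.

```shell
#!/bin/sh
# Added example: safer handling of the recipe's ip.blocklist.<name> file.
# Function names are hypothetical; IPv4 only, like the recipe's iptables rules.
# Line format written by the recipe's actionban:
#   <ip> # fail2ban/<date>: auto-add for repeat offender

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# blocklist_ips FILE: print the valid addresses, one per line. Blank lines,
# comment lines and any first field that is not an IPv4 address are skipped,
# so a damaged or edited file cannot feed arbitrary text to `iptables -s`.
blocklist_ips() {
    [ -r "$1" ] || return 0
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1" | while read -r ip; do
        if is_ipv4 "$ip"; then printf '%s\n' "$ip"; fi
    done
}

# blocklist_add FILE IP: append IP unless it is already listed. The first
# field is compared as a whole string. The recipe's `grep -Fq <ip>` is a
# substring match: with 11.2.3.40 on file, 1.2.3.4 counts as already present
# and is never written, so that ban is lost on the next restart.
# Returns 0 if added, 1 if already present, 2 if IP is not valid IPv4.
blocklist_add() {
    is_ipv4 "$2" || return 2
    if [ -f "$1" ] &&
       awk -v ip="$2" '$1 == ip { found = 1 } END { exit !found }' "$1"; then
        return 1
    fi
    printf '%s # fail2ban/%s: auto-add for repeat offender\n' \
        "$2" "$(date '+%Y-%m-%d %T')" >> "$1"
}
```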