Differences

This shows you the differences between two versions of the page.

--- howto:fail2ban [2017/09/19 11:49] – WIP (using fail2ban) ragnarok
+++ howto:fail2ban [2017/09/19 11:59] – continue with the doc ragnarok
@@ Line 3: / Line 3: @@
 Synchronet now have a built-it support to block incomming connections (see [[howto:block-hackers|Blocking "Hackers"]]) but it's feature protect SBBS services only. If you running another services/daemos on same server, you can use Fail2Ban and the to block at firewall level the ip address from the attacker.
-You must config an setup the sbbs log file that are explained here: [[config:nix|UNIX]]
+You must config and setup the sbbs log file that are explained here: [[config:nix|UNIX]]
 These examples where made on Debian GNU/Linux, but you can adjust and apply for another distribution like Ubuntu, Arch, Fedora, etc.
@@ Line 12: / Line 12: @@
 apt-get install fail2ban
 </code>
+Create the file /etc/fail2ban/jail.d/sbbs.conf
+<code>
+[sbbs-main]
+enabled  = true
+filter   = sbbs-main
+action   = iptables-allports[name=SBBS-main, protocol=all]
+logpath  = /var/log/sbbs.log
+maxretry = 3
+findtime = 21600
+bantime = 21600
+</code>
+Create the filter file /etc/fail2ban/filter.d/sbbs-main.conf
+<code>
+[INCLUDES]
+before = common.conf
+[Definition]
+failregex = Bad password from: <HOST>
+            Throttling suspicious connection from: <HOST>
+ignoreregex =
+</code>
+Reload or restart the service and verify if you jail is loaded:
+<code>
+# fail2ban-client status
+Status
+|- Number of jail:      7
+`- Jail list:           ssh, asterisk-udp, *sbbs-main*, nginx-http-auth, ssh-ddos, asterisk-tcp
+</code>
+After some time, you can observe via iptables that severals ip address was blocked
+<code>
+Chain fail2ban-SBBS-main (1 references)
+target     prot opt source               destination
+REJECT     all  --  49.64.51.116         0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  187.161.208.161      0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  190.130.22.81        0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  94.123.59.80         0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  118.175.228.237      0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  220.240.252.176      0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  71.248.179.3         0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  185.29.71.147        0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  201.69.90.121        0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  78.186.210.14        0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  117.247.90.134       0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  37.130.109.12        0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  189.110.122.99       0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  24.70.18.200         0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  112.164.94.30        0.0.0.0/0            reject-with icmp-port-unreachable
+REJECT     all  --  37.109.137.13        0.0.0.0/0            reject-with icmp-port-unreachable
+RETURN     all  --  0.0.0.0/0            0.0.0.0/0
+</code>
 ===== See Also =====
   * [[:howto:|howto index]]

Trace:

Differences

Navigation

Search

Toolbox