fail2ban compliant ?
Posted: 05 Jul 2019 05:36
Hi
did anybody try fail2ban with EFA4 already ?
thx
Hi
Alleyviper wrote: ↑25 Jul 2019 12:45
Hi there,
Fail2ban is always compliant: you install the package and define the rules, and it will analyze system logs and do the blocking. What we can do is improve and add fail2ban to the EFA menu, including adding and removing IPs to block.
Code:
[root@efa4 ~]# fail2ban-client show sshd
2020-05-24 07:48:16,682 fail2ban [19670]: ERROR NOK: ('Invalid command',)
Invalid command
Code:
[root@efa4 fail2ban]# ipset list
Name: f2b-sshd
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 6000
Size in memory: 76536
References: 1
Number of entries: 20
Members:
[root@efa4 fail2ban]#
Code:
# dump the configuration so we can see what is really enabled
$ fail2ban-client -d
# show the status of the fail2ban
$ fail2ban-client status
# I have the postfix-sasl jail configured only.
$ fail2ban-client status postfix-sasl
Code:
[root@efa4 ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 18
| |- Total failed: 79506
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 43
|- Total banned: 6769
`- Banned IP list: 218.4.163.146 118.27.9.244 138.36.102.134 106.12.197.52 222.186.15.158 188.131.173.220 222.186.15.115 222.186.30.167 200.205.188.74 64.225.25.59 5.196.63.250 209.141.37.175 187.155.200.84 222.186.30.218 222.186.42.155 119.29.26.222 45.114.85.82 68.183.110.49 222.186.30.76 222.186.30.35 51.38.128.30 152.136.144.86 168.232.131.62 92.154.121.54 49.235.39.217 128.199.85.251 203.176.84.54 117.50.13.170 139.198.5.79 222.186.180.142 193.38.139.103 51.89.68.141 194.61.55.164 206.81.14.48 106.52.24.215 222.186.42.136 51.75.78.128 46.140.151.66 222.186.180.130 111.230.248.93 159.89.157.75 95.84.146.201 222.186.30.57
[root@efa4 ~]# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
[root@efa4 ~]# fail2ban-client get sshd actions
The jail sshd has the following actions:
firewallcmd-ipset
Code:
REJECT tcp -- anywhere anywhere multiport dports ssh match-set f2b-sshd src reject-with icmp-port-unreachable
Code:
[root@efa4 log]# grep "SASL LOGIN authentication failed" maillog | wc -l
3886
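An added example, not posted by anyone in this thread: the `grep ... | wc -l` above gives only a total, so this sketch breaks the same maillog matches down per client IP to show which sources would cross a postfix-sasl jail's retry limit. The function names, the threshold and the sample log lines are constructed for illustration; the threshold is an assumption to be matched to the jail's `maxretry`.

```shell
#!/bin/sh
# Added example: per-IP count of "SASL LOGIN authentication failed" lines.

# Usage: sasl_offenders THRESHOLD [LOGFILE...]   (reads stdin if no file given)
# Prints "count ip" for every client at or above THRESHOLD, busiest first.
# THRESHOLD is an assumed value; set it to the maxretry of your jail.
sasl_offenders() {
    threshold=${1:-5}
    [ "$#" -gt 0 ] && shift
    LC_ALL=C awk -v min="$threshold" '
        /SASL LOGIN authentication failed/ {
            # client is logged as hostname[ip]: right before the SASL text
            if (match($0, /\[[0-9a-fA-F.:]+\]: SASL LOGIN/)) {
                ip = substr($0, RSTART + 1, RLENGTH - length("]: SASL LOGIN") - 1)
                count[ip]++
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in Postfix maillog format (documentation addresses).
sample_maillog() {
    cat <<'EOF'
May 24 07:48:01 efa4 postfix/smtpd[2101]: connect from unknown[203.0.113.5]
May 24 07:48:03 efa4 postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
May 24 07:48:09 efa4 postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
May 24 07:48:15 efa4 postfix/smtpd[2104]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
May 24 07:48:21 efa4 postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
May 24 07:48:30 efa4 postfix/smtpd[2107]: warning: unknown[2001:db8::1]: SASL LOGIN authentication failed: authentication failure
May 24 07:48:34 efa4 postfix/smtpd[2104]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
May 24 07:48:40 efa4 postfix/smtpd[2101]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
EOF
}

# Show the clients with at least 3 failures in the constructed sample.
sample_maillog | sasl_offenders 3
```

On a real host, pass the log file instead of the sample, for example `sasl_offenders 5 /var/log/maillog`.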