Fail2ban on EFA MENU
Posted: 04 Jan 2019 02:15
Hi there,
Security is never enough. One feature I'm currently trying to add is Fail2ban control on the EFA menu.
For now I have the following script:
####################
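#!/bin/bash
# Install fail2ban and enable it at boot
yum install -y fail2ban
chkconfig fail2ban on
# Write the local jail definitions (bantime is in seconds: 2592000 = 30 days)
touch /etc/fail2ban/jail.d/local.conf
cat << EOF > /etc/fail2ban/jail.d/local.conf
# Ban SMTP clients after 5 failed SASL logins
[postfix-sasl]
enabled = true
filter = postfix-sasl
action = iptables[name=POSTFIX-SASL, port=smtp, protocol=tcp]
logpath = /var/log/maillog
maxretry = 5
bantime = 2592000

# Ban SSH clients after 9 failed logins
[sshd]
enabled = true
port = ssh
action = iptables-multiport
logpath = /var/log/secure
maxretry = 9
bantime = 2592000
EOF
# Save the current iptables rules, reload them, then start fail2ban
service iptables save
/etc/init.d/iptables restart
/etc/init.d/fail2ban start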
####################
This allows fail2ban to be installed with sshd and SASL authentication IP bans if x attempts are made.
Maybe it will be useful for you guys.
Further development will allow, from the EFA menu, checking how many IPs are banned, checking whether one in particular exists on the ban list, and even unbanning if needed.
HTTPS block to EFA is not yet configured.
#######
Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 16
|  `- File list: /var/log/maillog
`- Actions
   |- Currently banned: 15
   |- Total banned: 15
   `- Banned IP list: [addresses omitted]
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 2
|  |- Total failed: 46
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 228
   |- Total banned: 228
   `- Banned IP list: [addresses omitted]
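The menu functions planned in the post (count bans, look up one address, unban), sketched as an added example that is not part of the original post or of EFA. The function names and the sample status text are constructed here; the parsers read `fail2ban-client status <jail>` output on stdin.

```sh
#!/bin/sh
# Added example: helper functions a menu entry could call (names are hypothetical).

# Constructed sample output using documentation-range addresses, not real bans.
SAMPLE_STATUS='Status for the jail: postfix-sasl
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 16
|  `- File list: /var/log/maillog
`- Actions
   |- Currently banned: 3
   |- Total banned: 3
   `- Banned IP list: 192.0.2.10 198.51.100.7 203.0.113.25'

# Print the "Currently banned" counter from status output on stdin.
banned_count() {
    awk -F': *' '/Currently banned:/ { print $2 }'
}

# Print the banned addresses from status output on stdin, one per line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Succeed only if $1 is on the ban list. -x and -F force a whole-line,
# literal match, so 192.0.2.1 does not match 192.0.2.10.
is_banned() {
    banned_ips | grep -qxF -- "$1"
}

# Accept only a dotted-quad IPv4 address; operator input is checked with this
# before it is handed to fail2ban-client. Runs in a subshell so IFS stays local.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Live wrappers: need root and a running fail2ban server.
jail_status() { fail2ban-client status "$1"; }
unban_ip() {    # usage: unban_ip <jail> <ip>
    valid_ipv4 "$2" || { echo "invalid address: $2" >&2; return 2; }
    jail_status "$1" | is_banned "$2" || { echo "$2 is not banned in $1" >&2; return 1; }
    fail2ban-client set "$1" unbanip "$2"
}
```

On a live system the parsers are fed from `jail_status postfix-sasl`, for example `jail_status postfix-sasl | banned_count`.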