117 lines
2.7 KiB
Markdown
117 lines
2.7 KiB
Markdown
####Fail2ban
|
|
|
|
Be sure to configure mail notifications if you plan to use them.
|
|
Found in jail.local -
|
|
```bash
|
|
# Destination email address used solely for the interpolations in
|
|
# jail.{conf,local,d/*} configuration files.
|
|
destemail = user@gmail.com
|
|
|
|
# Sender email address used solely for some actions
|
|
sender = admin@hostname
|
|
|
|
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
|
|
# mailing. Change mta configuration parameter to mail if you want to
|
|
# revert to conventional 'mail'.
|
|
mta = mail
|
|
|
|
# Default protocol
|
|
protocol = tcp
|
|
```
|
|
|
|
|
|
Default fail2ban action set to `action = %(action_mwl)s`
|
|
|
|
These configurations can be used to activate the below jails within fail2ban -
|
|
```bash
|
|
[nginx-noproxy]
|
|
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-noproxy
|
|
logpath = /var/log/nginx/access.log
|
|
maxretry = 2
|
|
|
|
[nginx-nohome]
|
|
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-nohome
|
|
logpath = /var/log/nginx/access.log
|
|
maxretry = 2
|
|
|
|
[nginx-badbots]
|
|
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-badbots
|
|
logpath = /var/log/nginx/access.log
|
|
maxretry = 2
|
|
|
|
[nginx-noscript]
|
|
|
|
enabled = true
|
|
port = http,https
|
|
filter = nginx-noscript
|
|
logpath = /var/log/nginx/access.log
|
|
maxretry = 6
|
|
|
|
[nginx-http-auth]
|
|
|
|
enabled = true
|
|
filter = nginx-http-auth
|
|
port = http,https
|
|
logpath = /var/log/nginx/error.log
|
|
|
|
[sshd]
|
|
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
|
|
# normal (default), ddos, extra or aggressive (combines all).
|
|
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and[Definition]
|
|
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
|
|
ignoreregex = details.
|
|
#mode = normal
|
|
enabled = true
|
|
port = 22
|
|
logpath = %(sshd_log)s
|
|
backend = %(sshd_backend)s
|
|
```
|
|
|
|
The following filters are also included, which are required to exist within the `/etc/fail2ban/filter.d/` directory. All other jails within this configuration are provided with the default installation of fail2ban on Ubuntu.
|
|
|
|
```bash
|
|
# /etc/fail2ban/filter.d/nginx-noscript.conf
|
|
[Definition]
|
|
|
|
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
|
|
|
|
ignoreregex =
|
|
|
|
```
|
|
|
|
```bash
|
|
# /etc/fail2ban/filter.d/nginx-nohome.conf
|
|
[Definition]
|
|
|
|
failregex = ^<HOST> -.*GET .*/~.*
|
|
|
|
ignoreregex =
|
|
```
|
|
|
|
```bash
|
|
# /etc/fail2ban/filter.d/nginx-noproxy.conf
|
|
[Definition]
|
|
|
|
failregex = ^<HOST> -.*GET http.*
|
|
|
|
ignoreregex =
|
|
```
|
|
|
|
To use these configurations, nginx must be running on the host. Run the commands below to apply them.
|
|
```bash
|
|
git clone https://github.com/shaunrd0/klips;
|
|
sudo cp klips/configs/fail2ban/jail.local /etc/fail2ban/jail.local;
|
|
sudo cp klips/configs/fail2ban/nginx* /etc/fail2ban/filter.d/;
|
|
sudo systemctl restart fail2ban;
|
|
sudo fail2ban-client status;
|
|
```
|