Fail2ban: Difference between revisions
From DWIKI
mNo edit summary |
m (→HOWTO) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=Links= | |||
*[http://www.fail2ban.org/wiki/index.php/Main_Page Homepage Wiki] | |||
*[https://www.sshguard.net/ sshguard, an alternative] | |||
*[https://wiki.archlinux.org/title/fail2ban Archlinux wiki fail2ban] | |||
=Custom rules= | =Custom rules= | ||
| Line 8: | Line 13: | ||
=HOWTO= | |||
==test filter== | |||
fail2ban-regex /usr/share/assp/logs/maillog.txt /etc/fail2ban/filter.d/assp.conf | |||
==fail2ban-client== | |||
=FAQ= | =FAQ= | ||
| Line 13: | Line 24: | ||
== Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'== | == Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'== | ||
Enabling sshd-ddos filter seems to trigger this | Enabling sshd-ddos filter seems to trigger this | ||
==WARNING Unable to find a corresponding IP address for client: (-2, 'Name or service not known')== | |||
Crap code, maybe look at usedns in fail.conf | |||
==I don't see the rules== | |||
Maybe its using ipset, check | |||
ipset list | |||
==unban an IP== | |||
fail2ban-client set <jailname> unbanip <bannedip> | |||
==sshd rule not working on Ubuntu 20.04== | |||
Probably silently fails on missing pyinotify | |||
apt install inotify-tools inotify-hookable python-pyinotify | |||
OR change backend: | |||
sshd_backend = systemd | |||
(not working??) | |||
Latest revision as of 13:41, 13 August 2024
Links
Custom rules
assp.conf
failregex = \[Worker_.*\] <HOST> \[SMTP Error\] 535 5.7.8 Error: authentication failed:
\[Worker_.*\] \[SSL-in\] \[TLS-out\] <HOST> \[SMTP Error\] 535
\[Worker_.*\] \[MessageLimit\] <HOST>
\[Worker_.*\] <HOST> .* \[SMTP Error\] 554 5.7.1
HOWTO
test filter
fail2ban-regex /usr/share/assp/logs/maillog.txt /etc/fail2ban/filter.d/assp.conf
fail2ban-client
FAQ
Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'
Enabling sshd-ddos filter seems to trigger this
WARNING Unable to find a corresponding IP address for client: (-2, 'Name or service not known')
Crap code, maybe look at usedns in fail.conf
I don't see the rules
Maybe its using ipset, check
ipset list
unban an IP
fail2ban-client set <jailname> unbanip <bannedip>
sshd rule not working on Ubuntu 20.04
Probably silently fails on missing pyinotify
apt install inotify-tools inotify-hookable python-pyinotify
OR change backend:
sshd_backend = systemd
(not working??)
