frnmst
/
blog
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity Software
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
119 Commits
2 Branches
0 Tags
17 MiB
 
 
 
 
Tree: 1feebbeef4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1feebbeef4'
${ noResults }
blog/_posts/2020-10-07-fail2ban.md

3.7 KiB
Raw Blame History

title tags updated description
Fail2ban [fail2ban systemd gitea gotify roundcube filter ban] 2020-10-07 12:09 Customization of Fail2ban filter, rules and settings

Table of contents

Introduction

This is a list of custom filters, rules and settings I use for Fail2ban.

Global options

Fail2ban

  • /etc/fail2ban/jail.local

    ignoreip = 127.0.0.1/8 ::1                          # add your local network here to avoid being locked out
mta = sendmail                                      # you must have postfix working
sender =                                            # add the sender email
destemail =                                         # add the destination email
maxretry = 3
bantime  = 15d
findtime  = 60s
banaction = iptables-allports
action = %(action_mwl)s

Systemd service

Follow the instructions reported here

  • # systemctl edit fai2ban

    # GFDL v1.3+
# ArchWiki contributors
# https://wiki.archlinux.org/index.php/Fail2ban

[Service]
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=read-only
ProtectSystem=strict

## NoNewPrivileges=yes                        # I had problems sending emails with this option enabled.

ReadWritePaths=-/var/run/fail2ban
ReadWritePaths=-/var/lib/fail2ban
ReadWritePaths=-/var/log/fail2ban
ReadWritePaths=-/var/spool/postfix/maildrop
ReadWritePaths=-/run/xtables.lock
CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW

[Unit]
OnFailure=notify-unit-status@%n.service       # Optional. See https://frnmst.github.io/automated-tasks/scripts.html#notify-unit-status-py
After=postfix.service
Requires=postfix.service

  • /etc/fail2ban/fail2ban.local

    # GFDL v1.3+
# ArchWiki contributors
# https://wiki.archlinux.org/index.php/Fail2ban

[Definition]
logtarget = /var/log/fail2ban/fail2ban.log

Filters

Gitea

Gotify

  • /etc/fail2ban/filter.d/gotify.conf

    [Definition]
failregex = .*?\| 401 \|.*?\|.*?<HOST> \| POST.*?"/client"
ignoreregex = Error #01: you need to provide a valid access token or user credentials to access this api.*
datepattern = %%Y/%%m/%%d - %%H:%%M:%%S

Roundcube

Jails

Gitea

Gotify

  • /etc/fail2ban/jail.local

    [gotify]
enabled = true
port = http,https
filter = gotify
logpath = /var/log/gotify/server.log

Roundcube

  • /etc/fail2ban/jail.local

    [roundcube]
enabled = true
port = http,https
filter = roundcube-auth
logpath = /var/log/roundcubemail/errors.log