
title tags updated description
Fail2ban [fail2ban systemd gitea gotify roundcube filter ban] 2020-10-07 12:09 Customization of Fail2ban filter, rules and settings

Table of contents

Introduction

This is a list of custom filters, rules and settings I use for Fail2ban.

Global options

Fail2ban

  • /etc/fail2ban/jail.local

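    # Global options; in jail.local they go under the [DEFAULT] section header
    # (the header is not shown in this excerpt).
    # Fail2ban only treats '#' as a comment at the start of a line (inline
    # comments need '; '), so each note is on its own line. A trailing
    # '# ...' would be read as part of the option's value.
    #
    # Add your local network here to avoid being locked out. Keep the list
    # narrow: every address listed here is exempt from all bans.
    ignoreip = 127.0.0.1/8 ::1
    # You must have postfix working.
    mta = sendmail
    # Add the sender email.
    sender =
    # Add the destination email.
    destemail =
    # 3 failures within 60 seconds lead to a 15-day ban. With a window this
    # strict, a mistyped password from an address that is not in ignoreip
    # locks that address out for the whole bantime.
    maxretry = 3
    bantime  = 15d
    findtime  = 60s
    # Blocks the banned address on every port, not only on the jail's 'port'.
    banaction = iptables-allports
    # action_mwl: ban, then mail a report with whois data and the matching log
    # lines. Those lines can contain usernames or request details, so treat
    # the destination mailbox as holding log data.
    action = %(action_mwl)s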
    

Systemd service

Follow the instructions reported here

  • # systemctl edit fail2ban

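    # GFDL v1.3+
    # ArchWiki contributors
    # https://wiki.archlinux.org/index.php/Fail2ban
    
    # Drop-in that sandboxes the fail2ban service: private /dev and /tmp,
    # read-only home directories, and a read-only file system apart from the
    # ReadWritePaths= entries listed below.
    [Service]
    PrivateDevices=yes
    PrivateTmp=yes
    ProtectHome=read-only
    ProtectSystem=strict
    
    # I had problems sending emails with this option enabled.
    # NOTE(review): with it off, processes started by the service can still
    # gain privileges through setuid/setgid binaries. Presumably the postfix
    # mail submission path needs that -- confirm, and enable the option if no
    # mail action is used.
    ## NoNewPrivileges=yes
    
    # The leading '-' makes systemd ignore a path that does not exist.
    ReadWritePaths=-/var/run/fail2ban
    ReadWritePaths=-/var/lib/fail2ban
    ReadWritePaths=-/var/log/fail2ban
    ReadWritePaths=-/var/spool/postfix/maildrop
    ReadWritePaths=-/run/xtables.lock
    # Upper bound on the capabilities the service can ever hold.
    CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
    
    [Unit]
    # Optional. See https://frnmst.github.io/automated-tasks/scripts.html#notify-unit-status-py
    # systemd unit files have no inline comments; text after the value would be
    # parsed as additional unit names, so the note stays on its own line.
    OnFailure=notify-unit-status@%n.service
    After=postfix.service
    # NOTE(review): Requires= couples fail2ban to postfix. If postfix fails to
    # start or is stopped, fail2ban is stopped as well and no bans are applied.
    # Wants= (with After= kept) starts postfix first without that coupling.
    Requires=postfix.service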
    
  • /etc/fail2ban/fail2ban.local

    # GFDL v1.3+
    # ArchWiki contributors
    # https://wiki.archlinux.org/index.php/Fail2ban
    
    [Definition]
    # Log to a dedicated directory. It is the same /var/log/fail2ban path that
    # the systemd drop-in on this page lists under ReadWritePaths=, which the
    # service needs because ProtectSystem=strict makes the rest read-only.
    # NOTE(review): the directory must exist before the service starts, and
    # any log rotation or jail that reads fail2ban's own log has to point at
    # this path -- confirm on your system.
    logtarget = /var/log/fail2ban/fail2ban.log
    

Filters

Gitea

Gotify

  • /etc/fail2ban/filter.d/gotify.conf

    [Definition]
    # Counts a 401 response to POST "/client" as a failure and captures the
    # client address as <HOST>.
    # NOTE(review): the expression has no leading ^ anchor and uses '.*?' on
    # both sides of <HOST>. Anchoring it and tightening the wildcards keeps
    # request-controlled text in the line from influencing which address is
    # captured. Validate against real log lines with fail2ban-regex.
    # NOTE(review): only POST "/client" is covered; 401s on other endpoints
    # are not counted -- confirm that is intended.
    failregex = .*?\| 401 \|.*?\|.*?<HOST> \| POST.*?"/client"
    # Lines matching this pattern are never counted as failures.
    ignoreregex = Error #01: you need to provide a valid access token or user credentials to access this api.*
    # '%%' is an escaped '%' for the config parser; the timestamp format is
    # "YYYY/MM/DD - HH:MM:SS".
    datepattern = %%Y/%%m/%%d - %%H:%%M:%%S
    

Roundcube

Jails

Gitea

Gotify

  • /etc/fail2ban/jail.local

    # Jail that applies the gotify filter from filter.d/gotify.conf to the
    # Gotify server log.
    # NOTE(review): if Gotify sits behind a reverse proxy, the logged address
    # may be the proxy's. Banning it would block every client, so confirm the
    # log records the real client address.
    [gotify]
    enabled = true
    # With the global 'banaction = iptables-allports' shown on this page the
    # ban covers all ports; 'port' only matters for port-specific actions.
    port = http,https
    filter = gotify
    # The fail2ban process must be able to read this file.
    logpath = /var/log/gotify/server.log
    

Roundcube

  • /etc/fail2ban/jail.local

    # Jail for failed Roundcube webmail logins.
    # NOTE(review): if Roundcube sits behind a reverse proxy, confirm that the
    # log records the real client address and not the proxy's.
    [roundcube]
    enabled = true
    port = http,https
    # No custom Roundcube filter is shown on this page; roundcube-auth is
    # presumably the filter shipped with fail2ban -- check that
    # filter.d/roundcube-auth.conf exists.
    filter = roundcube-auth
    # NOTE(review): verify that this path matches where your Roundcube
    # install writes its error log.
    logpath = /var/log/roundcubemail/errors.log