How to stop brute force passwords

service fail2ban onestart
2024-08-14 08:09:34,891 fail2ban [5655]: ERROR Failed during configuration: Have not found any log file for selinux-ssh jail
 
Then you can create the same jail.local as my example and you are done. Only edit the ignoreip to match your trusted ip range.
 
My provider would not discuss or care who or what floods my IP(s), when they let me play my own TCP/IP service(s). Though, I have a router that has a DDoS protection option, so I have to talk to my router's manufacturer about how they keep the funnel from overflowing :)

Router will not prevent DDoS attacks. Many providers don't have the resources or equipment to prevent large scale DDoS attacks. Look at X (Twitter) and it was brought down by DDoS attacks during Musk's interview with Trump.
 
I do

[selinux-ssh]

port = ssh
logpath = %(auditd_log)s
----->
#[selinux-ssh]

#port = ssh
#logpath = %(auditd_log)s


- didn't help :
service fail2ban onestart
2024-08-14 08:23:20,019 fail2ban [5723]: ERROR Failed during configuration: Have not found any log file for selinux-ssh jail

Maybe this is a bug?
 
I deleted absolutely all jails - still won't start fail2ban (ERROR Failed during configuration: Have not found any log file for selinux-ssh jail.) It starts only if the jail configuration is not true but false
 
I understand that in FreeBSD 14.1 you can't use jail fail2ban and no one is fixing this problem
 
> Router will not prevent DDoS attacks. Many providers don't have the resources or equipment to prevent large scale DDoS attacks. Look at X (Twitter) and it was brought down by DDoS attacks during Musk's interview with Trump.
I understand your point, I should have said "mitigate". Same applies to evil doers with hacking skills. You can't prevent anyone trying to break into a networked system connected to Internet or protect the network from being flooded by botnet(s). I have never experienced DDoS attack with my cheap Draytek router. Though, I wondered if that feature was a gimmick or the router would actually deal with serious DDoS attack. Anyway, I'm not playing wannabe TCP/IP service provider anymore. So, I don't have to worry about hackers scanning ports, trying brute force to get root, looking for open smtp relays or just being annoyed with script kiddies.
 
> I understand that in FreeBSD 14.1 you can't use jail fail2ban and no one is fixing this problem
It's working for me just fine under FreeBSD 14.1

Can you show what you have in your configuration in /usr/local/etc/fail2ban/jail.d/and /usr/local/etc/fail2ban/jail.local
 
Code:
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
maxretry = 3
logencoding = auto
enabled = true
mta = sendmail
protocol = tcp
port = 0:65535

fail2ban_agent = Fail2Ban/%(fail2ban_version)s

banaction = iptables-multiport
banaction_allports = iptables-allports

action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

action_mw = %(action_)s
            %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

action_mwl = %(action_)s

%(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)>
action_xarf = %(action_)s
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]


action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(cha>

action_blocklist_de  = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", >

action_abuseipdb = abuseipdb

action = %(action_)s


#
# JAILS
#

#
# SSH servers
------
and a lot of jails including the selinux jail
I've been working with fail2ban on CentOS for ten years and there are no problems. But, I turned off selinux there.
 
You can't copy config file from CentOS and expect to work on different OS.
For the sake of interest, I'll put fail2ban on ArchLinux, which I'm using to talk to you now.
pacman -S fail2ban
nano /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
bantime = 300
ignoreip = 127.0.0.1
 
I already gave you configuration in my previous post.

Why do I need your config if I just installed it now on ArchLinux in three steps and it works without problems

nano /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
bantime = 300
ignoreip = 127.0.0.1

systemctl restart fail2ban

fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
[root@pal fail2ban]# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
 
I took the jail.local from ArchLinux and fail2ban worked on FreeBSD (and no section [DEFAULT] is needed :)

nano /usr/local/etc/fail2ban/jail.local

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
bantime = 300
ignoreip = 127.0.0.1
#and I add for FreeBSD:
action = bsd-ipfw


service fail2ban onestart
Server ready

root@celebris:/usr/local/etc # fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
 
fail2ban starts but does not ban IPs
fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 2
| |- Total failed: 4
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
 
> I understand your point, I should have said "mitigate". Same applies to evil doers with hacking skills. You can't prevent anyone trying to break into a networked system connected to Internet or protect the network from being flooded by botnet(s). I have never experienced DDoS attack with my cheap Draytek router. Though, I wondered if that feature was a gimmick or the router would actually deal with serious DDoS attack. Anyway, I'm not playing wannabe TCP/IP service provider anymore. So, I don't have to worry about hackers scanning ports, trying brute force to get root, looking for open smtp relays or just being annoyed with script kiddies.

DDoS feature in home router is a gimmick to give some assurance to customers even they have no clue about its effectiveness. Also it's nearly impossible to prevent DDoS with home routers even attackers use many different IP addresses to go around the firewall. You could block all IP addresses and allow some in but again adding all the legitimate IP addresses is tedious work.
 
> DDoS feature in home router is a gimmick to give some assurance to customers even they have no clue about its effectiveness. Also it's nearly impossible to prevent DDoS with home routers even attackers use many different IP addresses to go around the firewall. You could block all IP addresses and allow some in but again adding all the legitimate IP addresses is tedious work.
The fact is that this computer is a gateway to a large local network in which there are computers with sites that should visit everyone. So prohibiting all IP addresses and allowing some IP addresses is unrealistic. I understand that there is only one solution: put the VPN server with encryption
 
FreeBSD "jails" are containers; fail2ban "jails", as I see, mean something different. Maybe using port-knocking with ipfw will be a solution?
 
> FreeBSD "jails" are containers; fail2ban "jails", as I see, mean something different. Maybe using port-knocking with ipfw will be a solution?
And I was constantly wondering why he wants to run *only* ssh in a jail...

I'd suggest using security/sshguard, which doesn't use bogus/confusing naming and also doesn't drag in python... (or again: native blacklistd(8) which is directly supported by FreeBSD sshd)
 