klips/configs/fail2ban
Shaun Reed e0ac2fbeac Add basic Fail2ban SSH / NGINX jails 2019-09-07 12:52:37 +00:00
..
README.md Add basic Fail2ban SSH / NGINX jails 2019-09-07 12:52:37 +00:00
jail.local Add basic Fail2ban SSH / NGINX jails 2019-09-07 12:52:37 +00:00
nginx-nohome.conf Add basic Fail2ban SSH / NGINX jails 2019-09-07 12:52:37 +00:00
nginx-noproxy.conf Add basic Fail2ban SSH / NGINX jails 2019-09-07 12:52:37 +00:00
nginx-noscript.conf Add basic Fail2ban SSH / NGINX jails 2019-09-07 12:52:37 +00:00

README.md

####Fail2ban

Be sure to configure mail notifications if you plan to use them. Found in jail.local -

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = user@gmail.com

# Sender email address used solely for some actions
sender = admin@hostname

# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = mail

# Default protocol
protocol = tcp

Default fail2ban action set to action = %(action_mwl)s

These configurations can be used to activate the below jails within fail2ban -

[nginx-noproxy]

enabled  = true
port     = http,https
filter   = nginx-noproxy
logpath  = /var/log/nginx/access.log
maxretry = 2

[nginx-nohome]

enabled  = true
port     = http,https
filter   = nginx-nohome
logpath  = /var/log/nginx/access.log
maxretry = 2

[nginx-badbots]

enabled  = true
port     = http,https
filter   = nginx-badbots
logpath  = /var/log/nginx/access.log
maxretry = 2

[nginx-noscript]

enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/nginx/access.log
maxretry = 6

[nginx-http-auth]

enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /var/log/nginx/error.log

[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
ignoreregex = details.
#mode   = normal
enabled = true
port    = 22
logpath = %(sshd_log)s
backend = %(sshd_backend)s

The following filters are also included, which are required to exist within the /etc/fail2ban/filter.d/ directory. All other jails within this configuration are provided with the default installation of fail2ban on Ubuntu.

# /etc/fail2ban/filter.d/nginx-noscript.conf
[Definition]

failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)

ignoreregex =

# /etc/fail2ban/filter.d/nginx-nohome.conf
[Definition]

failregex = ^<HOST> -.*GET .*/~.*

ignoreregex =
# /etc/fail2ban/filter.d/nginx-noproxy.conf
[Definition]

failregex = ^<HOST> -.*GET http.*

ignoreregex =

To use these configurations, nginx must be running on the host. Run the commands below to apply them.

git clone https://github.com/shaunrd0/klips;
sudo cp klips/configs/fail2ban/jail.local /etc/fail2ban/jail.local;
sudo cp klips/configs/fail2ban/nginx* /etc/fail2ban/filter.d/;
sudo systemctl restart fail2ban;
sudo fail2ban-client status;