To prevent brute-forcing of logins
Install fail2ban
```bash
apt-get install fail2ban
```
Create the proxmox.local regex file
```bash
nano /etc/fail2ban/filter.d/proxmox.local
```
```ini
# Fail2Ban configuration file
#
# Author: eXtremeSHOK.com
#
# $Revision: 201 $
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.*msg=.*

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
```
Create fail2ban config for Proxmox
We are also adding SSH and SSH DDoS protections.
Add the following to the bottom of the /etc/fail2ban/jail.local file:
```ini
##### PROXMOX START######
[proxmox]
enabled = true
port = 8006
filter = proxmox
logpath = /var/log/syslog
maxretry = 5
# 24 hours
bantime = 86400
##### PROXMOX3: END#####

###### SSH: START######
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
# 24 hours
bantime = 86400
##### SSH: END######

##### SSH ANTI-DDOS: START######
[ssh-ddos]
enabled = true
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 5
##### SSH ANTI-DDOS: END######
```
Optional: Test fail2ban
```bash
fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/proxmox.local
```
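To see what this test checks, the following added example (not part of the original page or of fail2ban) applies the page's failregex to a few log lines in Python, the language fail2ban's regex engine comes from. The sample log lines are constructed, the `<HOST>` expansion is the alias quoted in the filter file's comment, and the function names are hypothetical; fail2ban's `findtime` window is not modelled.

```python
import re

# <HOST> alias as given in the comment of the filter file on this page.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
# failregex copied from /etc/fail2ban/filter.d/proxmox.local on this page.
FAILREGEX = r"pvedaemon\[.*authentication failure; rhost=<HOST> user=.*msg=.*"

# Constructed sample syslog lines (documentation-range addresses, not real logs).
SAMPLE_LOG = """\
Mar  3 10:15:01 pve pvedaemon[2114]: authentication failure; rhost=192.0.2.10 user=root@pam msg=Authentication failure
Mar  3 10:15:04 pve pvedaemon[2114]: authentication failure; rhost=192.0.2.10 user=admin@pve msg=no such user ('admin@pve')
Mar  3 10:15:09 pve pvedaemon[2115]: <root@pam> successful auth for user 'root@pam'
Mar  3 10:16:30 pve sshd[3301]: Failed password for root from 198.51.100.7 port 50122 ssh2
Mar  3 10:17:02 pve pvedaemon[2116]: authentication failure; rhost=::ffff:203.0.113.5 user=root@pam msg=Authentication failure
"""


def compile_failregex(failregex=FAILREGEX):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))


def count_failures(log_text, failregex=FAILREGEX):
    """Return {host: number of log lines matched by the failregex}."""
    pattern = compile_failregex(failregex)
    counts = {}
    for line in log_text.splitlines():
        match = pattern.search(line)  # unanchored search, one line at a time
        if match:
            host = match.group("host")
            counts[host] = counts.get(host, 0) + 1
    return counts


def hosts_to_ban(log_text, maxretry=5):
    """Hosts whose failure count reaches maxretry (findtime is ignored here)."""
    return sorted(h for h, n in count_failures(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG))
    print(hosts_to_ban(SAMPLE_LOG, maxretry=2))
```

The successful login and the sshd line are not counted, and the IPv4-mapped prefix `::ffff:` is stripped so the failure is attributed to the plain IPv4 address.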
Restart fail2ban to apply the setting
```bash
service fail2ban restart
```
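Removing a banned IP
```bash
# List the rules in the fail2ban-proxmox chain with their line numbers
iptables -L fail2ban-proxmox -n -v --line-numbers
# Delete the rule with the line number of the banned IP (here: rule 1)
iptables -D fail2ban-proxmox 1
```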