to Prevent Brute-forcing of logins<\/p>\n
<\/p>\n
apt-get install fail2ban<\/pre>\n\u00a0create the proxmox.local regex file<\/h2>\n
nano \/etc\/fail2ban\/filter.d\/proxmox.local<\/pre>\n<\/p>\n
# Fail2Ban configuration file\r\n#\r\n# Author: eXtremeSHOK.com\r\n#\r\n# $Revision: 201 $\r\n#\r\n\r\n[Definition]\r\n\r\n# Option: failregex\r\n# Notes.: regex to match the password failure messages in the logfile. The\r\n# host must be matched by a group named \"host\". The tag \"\" can\r\n# be used for standard IP\/hostname matching and is only an alias for\r\n# (?:::f{4,6}:)?(?P\\S+)\r\n# Values: TEXT\r\n#\r\n\r\nfailregex = pvedaemon\\[.*authentication failure; rhost=<HOST> user=.*msg=.*\r\n\r\n# Option: ignoreregex\r\n# Notes.: regex to ignore. If this regex matches, the line is ignored.\r\n# Values: TEXT\r\n#\r\n\r\nignoreregex =<\/pre>\n<\/p>\n
\u00a0Create fail2ban config for proxmox<\/h2>\n
We are also adding SSH and SSH DDOS protections
\nadd the following to the bottom of the\u00a0\/etc\/fail2ban\/jail.local<\/em>\u00a0file<\/p>\n##### PROXMOX START######\r\n[proxmox]\r\nenabled = true \r\nport = 8006\r\nfilter = proxmox\r\nlogpath = \/var\/log\/syslog\r\nmaxretry = 5\r\nbantime = 86400 #24hours\r\n##### PROXMOX3: END#####\r\n\r\n###### SSH: START######\r\n[ssh]\r\nenables = true\r\nport = ssh\r\nfilter = sshd\r\nlogpath = \/var\/log\/auth.log\r\nmaxretry = 5\r\nbantime = 86400 #24hours\r\n##### SSH: END######\r\n\r\n##### SSH ANTI-DDOS: START######\r\n[ssh-ddos]\r\nenabled = true\r\nport = ssh\r\nfilter = sshd-ddos\r\nlogpath = \/var\/log\/auth.log\r\nmaxretry = 5\r\n##### SSH ANTI-DDOS: END######<\/pre>\nOptional:<\/em>\u00a0Test fail2ban<\/strong><\/h2>\n
\n\n\n\u00a0fail2ban-regex \/var\/log\/syslog \/etc\/fail2ban\/filter.d\/proxmox.local<\/pre>\nRestart fail2ban to apply the setting<\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n
\n\n\n\u00a0service fail2ban restart<\/pre>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n
Removing a banned ip<\/strong><\/h2>\n
\n\n\niptables -L fail2ban-proxmox -n -v --line-numbers<\/pre>\niptables -D fail2ban-proxmox 1<\/pre>\nViewing banned ip\u2019s and the status of the filter<\/strong><\/h2>\n<\/div>\n<\/div>\n<\/div>\n
\n\n\n\u00a0fail2ban-client status proxmox<\/pre>\n<\/p>\n
Quellen:<\/p>\n
http:\/\/forum.proxmox.com\/threads\/3583-How-To-implement-Fail2Ban-on-Host<\/a><\/p>\n