Group Details Private

administrators

Member List
  • Fail2Ban for nginx proxy manager

    I want to write an article about this topic because I haven't found one that includes everything I want, and I had to figure it out by myself.

    First we need a folder and to get our Docker Compose file running

    mkdir fail2ban
    cd fail2ban
    vi docker-compose.yml
    

    Paste the following text into the editor:

    version: "3"
    
    services:
      fail2ban:
        container_name: fail2ban
        hostname: fail2ban
        cap_add:
          - NET_ADMIN
          - NET_RAW
        environment:
          - TZ=Europe/Berlin
          - F2B_DB_PURGE_AGE=14d
          - SSMTP_HOST=<your-mail-server>
          - SSMTP_PORT=25
          - SSMTP_HOSTNAME=<hostname-of-your-container>
        image: crazymax/fail2ban:latest
        network_mode: host
        restart: unless-stopped
        volumes:
          - /root/fail2ban/data:/data
          - /root/ngix-proxy-manager/data/logs:/var/log/npm
          - /var/log:/var/log/varlog
    
    

    Save the file and start the Container with

    docker-compose up -d
    

    The Fail2ban container will be loaded and started. There should now be a data dir with 4 folders

    action.d
    db
    filter.d
    jail.d
    

    The db folder can be ignored. Now we need to create a jail.local in jail.d

    vi data/jail.d/jail.local
    

    Paste the following in there:

    [DEFAULT]
    # "bantime.increment" allows to use database for searching of previously banned ip's to increase a
    # default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
    bantime.increment = true
    
    # "bantime.rndtime" is the max number of seconds using for mixing with random time
    # to prevent "clever" botnets calculate exact time IP can be unbanned again:
    bantime.rndtime = 2048
    
    # following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
    # for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
    bantime.multipliers = 1 5 30 60 300 720 1440 2880
    
    #Ban without sending E-Mail
    #action = %(action_)s
    
    #Ban and send E-Mail
    action = %(action_mw)s
    
    destemail = <dest email>
    sender = <from email>
    mta = sendmail
    
    [npm]
    # bots that trigger too many 403 or 404
    # logs are coming from reverse proxy "nginx proxy manager"
    enabled = true
    # loopback plus the RFC 1918 private ranges
    ignoreip = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    filter = npm-filter
    chain = DOCKER-USER
    logpath = /var/log/npm/proxy-host-*_access.log
    maxretry = 5
    findtime = 60
    bantime = 600
    
    [sshd]
    
    enabled = true
    port    = ssh
    filter  = sshd
    ignoreip = 127.0.0.0/8 10.0.0.0/8 172.27.0.0/16 192.168.0.0/16
    chain = INPUT
    logpath = /var/log/varlog/auth.log
    findtime = 10m
    maxretry = 5
    bantime = -1
    
    

    We monitor NPM and the system's sshd here; that's why we mapped the volumes with the local logs into the fail2ban container.

    The next step is to add filter rules in filter.d for our NPM

    vi data/filter.d/npm-filter.conf
    
    [INCLUDES]
    
    [Definition]
    
    # Literal [ and ] from the NPM log line are escaped so they are not read as character classes
    failregex = ^.+ (405|404|403|401|\-) (405|404|403|401) - .+ \[Client <HOST>\] \[Length .+\] .+ \[Sent-to <F-CONTAINER>.+</F-CONTAINER>\] <F-USERAGENT>".+"</F-USERAGENT> .+$
    
    ignoreregex = ^.+ (404|\-) (404) - .+".+(\.png|\.txt|\.jpg|\.ico|\.js|\.css)[/]" \[Client <HOST>\] \[Length .+\] ".+" .+$
    

    Now we have everything set up and we can restart the container with

    docker-compose restart
    

    Now we want to see what fail2ban is doing. We can check the logs by running docker ps to show the running containers and then docker logs <container-id> --follow

    That's it, feel free to ask if you have problems with this setup

    posted in Technik
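
An added example, not part of the original post: the `[npm]` jail's decision replayed in Python over constructed log lines, using the post's failregex with literal brackets escaped and the jail's `maxretry`/`findtime`. The IPv4-only `HOST` pattern, the named groups standing in for the `<F-...>` tags, the sample hosts and `make_line` are assumptions of this example; `ignoreregex` and ban-time growth are not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The post's failregex with literal brackets escaped; <F-...> tags as named groups.
FAILREGEX = re.compile(
    r'^.+ (405|404|403|401|\-) (405|404|403|401) - .+ \[Client ' + HOST
    + r'\] \[Length .+\] .+ \[Sent-to (?P<container>.+)\] (?P<useragent>".+") .+$')
# Loopback and two of the private ranges from the jail's ignoreip.
IGNOREIP = [ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]
MAXRETRY, FINDTIME = 5, 60  # maxretry and findtime from the [npm] jail

def parse_time(line):
    """Read the leading [dd/Mon/yyyy:HH:MM:SS +zzzz] timestamp."""
    return datetime.strptime(line[1:line.index("]")], "%d/%b/%Y:%H:%M:%S %z")

def banned_hosts(lines):
    """Hosts that reach MAXRETRY matching lines within FINDTIME seconds."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or any(ip_address(m["host"]) in net for net in IGNOREIP):
            continue
        now, window = parse_time(line), hits[m["host"]]
        window.append(now)
        while (now - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY and m["host"] not in banned:
            banned.append(m["host"])
    return banned

def make_line(ts, status, client):
    """Constructed sample line in NPM's proxy-host access log layout."""
    return (f'[13/Jul/2022:07:{ts // 60:02d}:{ts % 60:02d} +0200] - {status} {status}'
            f' - GET https example.test "/wp-login.php" [Client {client}]'
            f' [Length 150] [Gzip -] [Sent-to 192.0.2.10] "curl/7.81.0" "-"')

SAMPLE = ([make_line(t, 404, "203.0.113.7") for t in range(5)]          # 5 in 5 s
          + [make_line(t, 403, "192.168.1.20") for t in range(10, 16)]  # ignoreip
          + [make_line(t, 200, "198.51.100.9") for t in range(20, 30)]  # no error
          + [make_line(t, 401, "203.0.113.50") for t in range(0, 150, 30)])  # too slow

if __name__ == "__main__":
    print(banned_hosts(SAMPLE))
```

On the running setup, fail2ban's own `fail2ban-regex` tool performs the matching part of this check with the real filter file and a real log file.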
  • More Blog Users

    Hi,

    anyone who would also like to use the forum as a blog is welcome to get in touch with me. I would then create a separate category.

    Best regards

    posted in General Discussion
  • RE: Sophia

    Saphira

    posted in Blogs
  • Sophia

    posted in Blogs
  • RE: Freddenator

    posted in Blogs
  • DRBD Split Brain

    If DRBD ever gets stuck in split brain, you have to run the following commands on the secondary.

    
    drbdadm disconnect squid
    drbdadm secondary squid
    drbdadm connect --discard-my-data squid
    
    posted in Technik
  • RE: Vergil

    posted in Blogs
  • NodeBB Linux Start Script

    Here is a start script that also works; on Ubuntu it has to go into
    /lib/systemd/system

    [Unit]
    Description=ITS-Forum
    After=mongodb.service
    
    [Service]
    User=root
    Group=root
    Environment=NODE_ENV=production
    WorkingDirectory=/root/nodebb
    ExecStart=/root/.nvm/versions/node/v17.9.0/bin/node loader.js --no-daemon --no-silent
    Restart=always
    
    [Install]
    WantedBy=multi-user.target
    Alias=nodebb.service
    
    posted in Technik
  • RE: Freddenator

    posted in Blogs
  • RE: Emmsche

    posted in Blogs