Fail2Ban for nginx proxy manager

I wan to write an Articlle about this Topic because I havent found one what is including all I want and have to Figure it Out by myself.

At first wen need a Folder and get our Docker Compose File running

mkdir fail2ban
cd fail2ban
vi docker-compose.yml

Paste the following text into the editor:

version: "3"

services:
  fail2ban:
    container_name: fail2ban
    hostname: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TZ=Europe/Berlin
      - F2B_DB_PURGE_AGE=14d
      - SSMTP_HOST=<your-mail-server>
      - SSMTP_PORT=25
      - SSMTP_HOSTNAME=<hostname-of-your-container>
    image: crazymax/fail2ban:latest
    network_mode: host
    restart: unless-stopped
    volumes:
      - /root/fail2ban/data:/data
      - /root/ngix-proxy-manager/data/logs:/var/log/npm
      - /var/log:/var/log/varlog

Save the file and start the Container with

docker-compose up -d

The Fail2ban Container will be loaded and is starting. There should be a data dir now with 4 folders

action.d
db
filter.d
jail.d

The db Folder can be ignored, now we need to create a jail.local in jail.d

vi jail.d/jail.local

Paste the following in there.:

[DEFAULT]
# "bantime.increment" allows to use database for searching of previously banned ip's to increase a
# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
bantime.increment = true

# "bantime.rndtime" is the max number of seconds using for mixing with random time
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
bantime.rndtime = 2048

# following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
# for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
bantime.multipliers = 1 5 30 60 300 720 1440 2880

#Ban without sending E-Mail
#action = %(action_)s

#Ban and send E-Mail
action = %(action_mw)s

destemail = <dest email>
sender = <from email>
mta = sendmail

[npm]
# bots that trigger too many 403 or 404
# logs are comming from reverse proxy "nginx proxy manager"
enabled = true
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16
filter = npm-filter
chain = DOCKER-USER
logpath = /var/log/npm/proxy-host-*_access.log
maxretry = 5
findtime = 60
bantime = 600

[sshd]

enabled = true
port    = ssh
filter  = sshd
ignoreip = 127.0.0.0/8 10.0.0.0/8 172.27.0.0/16 192.168.0.0/16
chain = INPUT
logpath = /var/log/varlog/auth.log
findtime = 10m
maxretry = 5
bantime = -1

we Monitor the NPM and the Systems sshd here, thats why we mapped the Volume from local logs into the fail2ban container.

Next Step is to add filter Rules in filter.d for our NPM

vi filter.d/npm-filter.conf

[INCLUDES]

[Definition]

failregex = ^.+ (405|404|403|401|\-) (405|404|403|401) - .+ [Client <HOST>] [Length .+] .+ [Sent-to <F-CONTAINER>.+</F-CONTAINER>] <F-USERAGENT>".+"</F-USERAGENT> .+$

ignoreregex = ^.+ (404|\-) (404) - .+".+(\.png|\.txt|\.jpg|\.ico|\.js|\.css)[/]" [Client <HOST>] [Length .+] ".+" .+$

Now we have everything set up and we can restart the container with

docker-compose restart

Now we want to see what fail2ban is doing. We can check the logs by doing docker ps to show the running containers and docker logs <container-id> --follow

Thats it, feel Free to ask if you have problems with this Setup

Hi,

wer das Forum auch als Blog benutzen möchte, kann sich gerne bei mir melden. Würde dann eine eigene Kategorie anlegen.

Viele Grüße

Saphira

Wenn der DRBD mal im Split Brain hängen bleibt muss mana uf dem Secondary forgende Befehle ausführen.

drbdadm disconnect squid
drbdadm secondary squid
drbdadm connect --discard-my-data squid

Hier ein Start Script was auch funktioniert, muss unter Ubuntu in die
/lib/systemd/system

[Unit]
Description=ITS-Forum
After=mongodb.service

[Service]
User=root
Group=root
Environment=NODE_ENV=production
WorkingDirectory=/root/nodebb
ExecStart=/root/.nvm/versions/node/v17.9.0/bin/node loader.js --no-daemon --no-silent
Restart=always

[Install]
WantedBy=multi-user.target
Alias=nodebb.service

v1.19.5 Latest
Release build (patch) of NodeBB @ 2022-03-16T21:05:47.855Z

v1.19.5 (2022-03-16)
Chores
incrementing version number - v1.19.5 (48d6eb4)
update changelog for v1.19.4 (0e6e49b)
deps:
bump less from 3.13.1 to 4.1.2 in /install (#9856) (d33485f)
bump autoprefixer from 10.4.2 to 10.4.4 in /install (#10403) (9009493)
update dependency lint-staged to v12.3.6 (0a4522a)
update commitlint monorepo to v16.2.3 (0a97015)
bump nodebb-plugin-spam-be-gone in /install (#10387) (445e3d7)
bump connect-redis from 6.1.1 to 6.1.2 in /install (#10391) (145621f)
update dependency eslint to v8.11.0 (feaf306)
update dependency mocha to v9.2.2 (#10383) (4ffbd78)
i18n:
fallback strings for new resources: nodebb.admin-manage-users (2f09c22)
fallback strings for new resources: nodebb.admin-manage-privileges, nodebb.admin-manage-users, nodebb.error, nodebb.user (15508ba)
fallback strings for new resources: nodebb.admin-settings-reputation, nodebb.error (5274a6a)
New Features
collect hook logs in order to reduce console noise, flush on ajaxify loadScript completion (935704a)
add support for PATCH method in api module (4b79dfd)
on online users page override timeago cutoff to 24 hours (7c94657)
ability to mute users (be6bbab)
min:rep:upvote, and other limits similar to downvotes (3414a23)
post-queue hooks, closes #10381 (2056ac0)
Bug Fixes
topic events if there is a blocked user in topic (3935a86)
topic events disappearing if there are queued posts (2808c95)
#10393, move 'Create User' control to overflow menu (cd687cf)
don't append to history on refresh or ajaxify to same url (c83987b)
global privs (7d063d7)
#10384 -- mixed up sizes for fallback touch icons (cb11320)
#10377, remove logging of env vars (997ab7d)
deps:
update dependency postcss to v8.4.12 (#10396) (bdbc168)
update dependency sharp to v0.30.3 (#10389) (b421385)
Refactors
closes #10301 (c8e986d)
Tests
skip i18n tests if the github event is a pull request (e578c60)
fix middleware test (24c1f87)
fix category tests (6344c3b)
fix one more test (a551142)

cp -r nodeebb nodebb-update
cd nodebb-update
git fetch
git reset --hard origin/v1.19.x
./nodebb upgrade
cd ..
mv nodebb nodebb-1.19.4
mv nodebb-update nodebb
cd nodebb
./nodebb start

Hier das Installscript das den Unix agent installiert und Basics konfiguriert

sudo apt-get install xinetd wget tar telnet

yum install xinetd wget tar telnet

mkdir /opt/obs-agent/
cd /opt/obs-agent/

wget https://www.observium.org/observium-community-latest.tar.gz --no-check-certificate

tar zxvf observium-community-latest.tar.gz observium/scripts/

scp /opt/obs-agent/observium/scripts/observium_agent_xinetd /etc/xinetd.d/observium_agent_xinetd
scp /opt/obs-agent/observium/scripts/observium_agent /usr/bin/observium_agent

chmod 700 /etc/xinetd.d/observium_agent_xinetd scp /opt/obs-agent/observium/scripts/observium_agent /usr/bin/observium_agent

echo Type IP of your Monitoring Server:
read serverip
sed -i "s/127.0.0.1/$serverip/g" /etc/xinetd.d/observium_agent_xinetd

service xinetd restart

mkdir -p /usr/lib/observium_agent /usr/lib/observium_agent/local

mkdir /usr/lib/observium_agent/scripts-available /usr/lib/observium_agent/scripts-enabled

scp -r /opt/obs-agent/observium/scripts/agent-local/* /usr/lib/observium_agent/scripts-available

cp /usr/lib/observium_agent/scripts-available/dmi /usr/lib/observium_agent/local
cp /usr/lib/observium_agent/scripts-available/rpm /usr/lib/observium_agent/local

service xinetd restart

rm -rf /opt/obs-agent

Zunächst brauchen wir xinetd:

apt-get install xinetd

oder

yum install xinetd

Config anlegen

vi /etc/xinetd.d/observium_agent_xinetd

service observium_agent
{
        type           = UNLISTED
        port           = 36602
        socket_type    = stream
        protocol       = tcp
        wait           = no
        user           = root
        server         = /usr/bin/observium_agent

        # configure the IPv[4|6] address(es) of your Observium server here:
        only_from      = 127.0.0.1 ::1

        # Don't be too verbose. Don't log every check. This might be
        # commented out for debugging. If this option is commented out
        # the default options will be used for this service.
        log_on_success =

        disable        = no
}

Jetzt müssen wir noch eine Reihe Ordner anlegen und Scripte kopieren aus dem Observium Verzeichnes.

service xinetd restart

scp /opt/observium/scripts/observium_agent /usr/bin/observium_agent

mkdir -p /usr/lib/observium_agent

mkdir /usr/lib/observium_agent/scripts-available /usr/lib/observium_agent/scripts-enabled

scp -r /opt/observium/scripts/agent-local/* /usr/lib/observium_agent/scripts-available

sudo ln -s /usr/lib/observium_agent/scripts-available/os /usr/lib/observium_agent/scripts-enabled
sudo ln -s /usr/lib/observium_agent/scripts-available/dmi /usr/lib/observium_agent/scripts-enabled
sudo ln -s /usr/lib/observium_agent/scripts-available/apache /usr/lib/observium_agent/scripts-enabled

mkdir /usr/lib/observium_agent/local

vi /usr/lib/observium_agent/local/docker_info

#!/bin/bash

echo "<<<app-docker>>>"
info=$(docker info 2> /dev/null | grep "Containers:\|Running:\|Paused:\|Stopped:\|Images:")
echo $info | awk '{print $2}'
echo $info | awk '{print $4}'
echo $info | awk '{print $6}'
echo $info | awk '{print $8}'
echo $info | awk '{print $10}'


chmod 777 /usr/lib/observium_agent/local/docker_info

service xinetd restart

cp -r nodeebb nodebb-update
cd nodebb-update
git fetch
git reset --hard origin/v1.19.x
./nodebb upgrade
cd ..
mv nodebb nodebb-1.19.3
mv nodebb-update nodebb
cd nodebb
./nodebb start

Virgil auch auf dem Balkon die beiden

Freddenator auf dem Balkon bei Sonnenschein

Welterkundung

Mit ssmtp kann man einfach den Mailersand auch zB über google Mail realisieren, einfach mit folgendem Befehl installieren:

apt install ssmtp

Dann in der Config /etc/ssmtp/ssmtp.conf folgendes konfigurieren:

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=USER@gmail.com

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
rewriteDomain=gmail.com

# The full hostname
hostname=USER@gmail.com

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=YES

AuthUser=MYUSER
AuthPass=MYPASSWORD
UseSTARTTLS=YES

Danach müssen wir die konten noch zuweisen in /etc/ssmtp/revaliases

# sSMTP aliases
#
# Format:       local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:USER@gmail.com:smtp.gmail.com:587
www-data:USER@gmail.com:smtp.gmail.com:587