Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fail2ban/fail2ban
Daemon to ban hosts that cause multiple authentication errors
anti-bot attack-prevention ban-hosts ban-management bsd fail2ban gplv2 hids ids intrusion-detection intrusion-prevention ips linux loganalyzer macos monitoring python security security-tools
Last synced: 5 days ago
- Host: GitHub
- URL: https://github.com/fail2ban/fail2ban
- Owner: fail2ban
- License: other
- Created: 2011-09-28T16:24:20.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2024-12-29T20:12:21.000Z (28 days ago)
- Last Synced: 2025-01-13T22:03:25.743Z (13 days ago)
- Topics: anti-bot, attack-prevention, ban-hosts, ban-management, bsd, fail2ban, gplv2, hids, ids, intrusion-detection, intrusion-prevention, ips, linux, loganalyzer, macos, monitoring, python, security, security-tools
- Language: Python
- Homepage: http://www.fail2ban.org
- Size: 12.4 MB
- Stars: 12,837
- Watchers: 252
- Forks: 1,270
- Open Issues: 240
Metadata Files:
- Readme: README.Solaris
- Changelog: ChangeLog
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: COPYING
Awesome Lists containing this project
- awesome-python-applications - Repo
- awesome-my-raspberrypi-micro-desktop - Fail2Ban - Daemon to ban hosts that cause multiple authentication errors (Daily List / General Use)
- fucking-Awesome-Linux-Software - Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. (Applications / Security)
- awesome-repositories - fail2ban/fail2ban - Daemon to ban hosts that cause multiple authentication errors (Python)
- awesome-starz - fail2ban/fail2ban - Daemon to ban hosts that cause multiple authentication errors (Python)
- Awesome-Linux-Software - Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. (Applications / Security)
- Awesome-BSD-Ports-Programs-And-Projects - Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish. (Ports and Programs / Security)
- awesome-python-applications - Repo
- StarryDivineSky - fail2ban/fail2ban
- awesome-starred - fail2ban/fail2ban - Daemon to ban hosts that cause multiple authentication errors (Python)
- awesome-starred - fail2ban/fail2ban - Daemon to ban hosts that cause multiple authentication errors (Python)
README
# vim:tw=80:ft=txt
README FOR SOLARIS INSTALLATIONS
By Roy Sigurd Karlsbakk
ABOUT
This README is meant for those wanting to install fail2ban on Solaris 10,
OpenSolaris, OpenIndiana etc. To some degree it may as well be useful for
users of older Solaris versions and Nexenta, but don't rely on it.

READ ME FIRST
If I use the term Solaris, I am talking about any Solaris dialect, that is, the
official Sun/Oracle ones or derivatives. If I describe an OS as
"OpenSolaris-based", it means it's either OpenSolaris, OpenIndiana or one of the
others, but /not/ the Nexenta family, since this only uses the OpenSolaris/
IllumOS kernel and not the userland. If I say Solaris 10, I mean Solaris 10 and
perhaps, if you're lucky and have some good gods on your side, it may also apply
to Solaris 9 or even 8 and hopefully in the new Solaris 11 whenever that may be
released. Quoted lines of code, settings etc. are indented with two spaces.
This does _not_ mean you should use that indentation, especially in config files
where they can be harmful. Optional settings are prefixed with OPT: while
required settings are prefixed with REQ:. If no prefix is found, regard it as a
required setting.

INSTALLATION ON SOLARIS
The installation is straightforward on Solaris as well as on linux/bsd/etc.
./setup.py install installs the general packages in /usr/bin on OpenSolaris-
based distros or (at least on this box) under /usr/sfw/bin on Solaris 10. In
the files/ directory you will find the file solaris-fail2ban.xml containing the
Solaris service. To install this, run the following command as root (or with
sudo):

  svccfg import files/solaris-fail2ban.xml

This should normally run without giving an error. If you get an error, deal with it,
and please post any relevant info (or fixes?) to the fail2ban mailing list.
Next install the service handler - copy the script in and allow it to be executed:

  cp files/solaris-svc-fail2ban /lib/svc/method/svc-fail2ban
  chmod +x /lib/svc/method/svc-fail2ban

CONFIGURE SYSLOG
For some reason, a default Solaris installation does not log ssh login attempts,
and since fail2ban works by monitoring logs, enabling this logging is rather
important for it to work. To enable this, edit /etc/syslog.conf and add a line
at the end:

  auth.info /var/adm/auth.log

Save the file and exit, and run

  touch /var/adm/auth.log

The Solaris system logger will _not_ create a non-existing file. Now, restart
the system logger.

  svcadm restart system-log

Try to ssh into localhost with ssh asdf@localhost and enter an invalid password.
Make sure this is logged in the above file. When done, you may configure
fail2ban.

FAIL2BAN CONFIGURATION
OPT: Create /etc/fail2ban/fail2ban.local containing:

  # Fail2Ban configuration file for logging fail2ban on Solaris
  #
  [Definition]

  logtarget = /var/adm/fail2ban.log

REQ: Create /etc/fail2ban/jail.local containing:

  [ssh-tcpwrapper]

  enabled = true
  filter = sshd
  action = hostsdeny[daemon_list=sshd]
           sendmail-whois[name=SSH, dest=you@example.com]
  ignoreregex = for myuser from
  logpath = /var/adm/auth.log

Set the sendmail dest address to something useful or drop the line to stop it spamming you.
Set 'myuser' to your username to avoid banning yourself or remove the line.

START (OR RESTART) FAIL2BAN
Enable the fail2ban service with

  svcadm enable fail2ban

When done, check that all services are running well

  svcs -xv

GOTCHAS AND FIXMES
* It seems the installation may be starting fail2ban automatically. If this is
  done, fail2ban will not start, but no errors will be returned from svcs
  (above). Check if it's running with 'ps -ef | grep fail2ban' and manually kill
  the PID if it is. Re-enable fail2ban and try again

    svcadm disable fail2ban
    svcadm enable fail2ban

* If svcs -xv says that fail2ban failed to start or svcs says it's in maintenance mode
  check /var/svc/log/network-fail2ban:default.log for clues.
  Check permissions on /var/adm, /var/adm/auth.log, /var/adm/fail2ban.log and /var/run/fail2ban
  You may need to:

    sudo mkdir /var/run/fail2ban

* Fail2ban adds lines like these to /etc/hosts.deny:

    sshd: 1.2.3.4
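
What the [ssh-tcpwrapper] jail above does with /var/adm/auth.log, including the effect of the ignoreregex line, sketched as an added example (not part of the original README and not fail2ban's own code). FAILREGEX is a simplified stand-in for the sshd filter, MAXRETRY is an assumed threshold, and the log lines are constructed.

```python
import re
from collections import Counter

# Simplified stand-in for the sshd filter (assumption, not fail2ban's failregex).
FAILREGEX = re.compile(
    r"sshd\[\d+\]: .*Failed \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3})")
IGNOREREGEX = re.compile(r"for myuser from")  # ignoreregex from jail.local above
MAXRETRY = 3  # assumed threshold; the README does not set one

# Constructed sample lines in the style of /var/adm/auth.log (documentation IPs).
SAMPLE_LOG = """\
Jan 13 10:00:01 sol10 sshd[1201]: [ID 800047 auth.info] Failed password for asdf from 192.0.2.10 port 40122 ssh2
Jan 13 10:00:04 sol10 sshd[1201]: [ID 800047 auth.info] Failed password for asdf from 192.0.2.10 port 40122 ssh2
Jan 13 10:00:07 sol10 sshd[1201]: [ID 800047 auth.info] Failed password for asdf from 192.0.2.10 port 40122 ssh2
Jan 13 10:01:00 sol10 sshd[1210]: [ID 800047 auth.info] Failed password for myuser from 198.51.100.7 port 5501 ssh2
Jan 13 10:01:02 sol10 sshd[1210]: [ID 800047 auth.info] Failed password for myuser from 198.51.100.7 port 5501 ssh2
Jan 13 10:01:04 sol10 sshd[1210]: [ID 800047 auth.info] Failed password for myuser from 198.51.100.7 port 5501 ssh2
Jan 13 10:01:06 sol10 sshd[1210]: [ID 800047 auth.info] Failed password for myuser from 198.51.100.7 port 5501 ssh2
Jan 13 10:02:00 sol10 sshd[1222]: [ID 800047 auth.info] Failed password for invalid user admin from 203.0.113.5 port 2201 ssh2
Jan 13 10:03:00 sol10 sshd[1230]: [ID 800047 auth.info] Accepted password for myuser from 192.0.2.20 port 3301 ssh2
"""

def evaluate(log_text, ignoreregex=IGNOREREGEX, maxretry=MAXRETRY):
    """Return (hosts.deny lines to add, failures skipped by ignoreregex per host)."""
    failures, ignored = Counter(), Counter()
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if match is None:
            continue  # not a failed login (e.g. "Accepted password")
        host = match.group("host")
        if ignoreregex is not None and ignoreregex.search(line):
            ignored[host] += 1  # exempted by username, whatever the source address
            continue
        failures[host] += 1
    banned = sorted(h for h, n in failures.items() if n >= maxretry)
    # Same line format the hostsdeny action writes for daemon_list=sshd.
    return [f"sshd: {h}" for h in banned], dict(ignored)

if __name__ == "__main__":
    deny, skipped = evaluate(SAMPLE_LOG)
    print("hosts.deny additions:", deny)
    print("failures skipped by ignoreregex:", skipped)
    print("without ignoreregex:", evaluate(SAMPLE_LOG, ignoreregex=None)[0])
```

Because the ignoreregex matches on the username, failed logins for myuser are never counted regardless of where they come from; fail2ban's ignoreip jail option exempts by source address instead.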