Page MenuHomePhabricator

Add system service fail2ban
Closed, InvalidPublicFEATURE REQUEST

Description

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

Just install fail2ban debian package and provide configuration node.

Usefull for cloud based VyOS instances.

https://www.fail2ban.org/

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

c-po created this task.Sep 2 2017, 5:22 PM
c-po updated the task description. (Show Details)
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po moved this task from Need Triage to In Progress on the VyOS 1.2 Crux board.Sep 3 2017, 9:51 AM
c-po closed this task as Resolved.Sep 3 2017, 10:04 AM
c-po reopened this task as In progress.
c-po triaged this task as Normal priority.
c-po assigned this task to syncer.Sep 7 2017, 12:21 PM
syncer reassigned this task from syncer to UnicronNL.Sep 7 2017, 12:24 PM

Kim, can you merge this into current
Thanks!

What to so with this task, requests were closed.

c-po added a comment.Nov 18 2017, 8:06 AM

Closed b/c I wanted to rewrite it using vyos-1x command package.

c-po closed this task as Invalid.Feb 8 2018, 8:05 PM

Proper firewalling will be better...

straight firewalling won't help if the logon attempts still come from a presumably trusted LAN. I like the idea of at least a temporary lockout to prevent mass attempts when someone is running a big password list, though the utility of this naturally drops if VyOS can be fingerprinted before the attempt and the instance runs with a default password, but that's a sysadmin problem.

syncer moved this task from In Progress to Finished on the VyOS 1.2 Crux board.Oct 15 2018, 5:26 AM
syncer edited projects, added Invalid; removed VyOS 1.2 Crux.Oct 15 2018, 5:44 AM