{"id":578,"date":"2019-07-17T16:41:04","date_gmt":"2019-07-17T22:41:04","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=578"},"modified":"2019-09-25T13:33:01","modified_gmt":"2019-09-25T19:33:01","slug":"proxmox-fail2ban","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=578","title":{"rendered":"PROXMOX: Fail2ban"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Log in as ugit-&gt;root<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh -l ugit poseidon.siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Install fail2ban<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-get install fail2ban -y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Copy the default jail file to a local override<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the file:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Append at the end<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>[proxmox]\nport = https,http,8006\nfilter = proxmox\nlogpath = \/var\/log\/daemon.log\nmaxretry = 3\n# 48 hours\nbantime = 172800<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Find the line and replace it (the X separates the original line from its replacement)<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ignoreip = 127.0.0.1\/8\nX\nignoreip = 127.0.0.1 10.20.190.0\/24 10.20.200.0\/24 181.193.87.0\/28 201.237.206.56<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Find and replace<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>bantime  = 600\nX\nbantime  = 172800<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Find and replace<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>maxretry = 5\nX\nmaxretry = 3<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Find and replace<\/li><\/ul>\n\n\n\n<pre 
class=\"wp-block-code\"><code>destemail = root@localhost\nX\ndestemail = interuniversitariadealajuela@gmail.com<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add the line<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sendername = POSEIDON_Fail2Ban<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Find and replace<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>action = %(action_)s\nX\naction = %(action_mw)s<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now open the jail file to enable services<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/fail2ban\/jail.d\/defaults-debian.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add the jails we want to enable, in this case SSH \/ APACHE \/ POSTFIX \/ PROXMOX<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#***********************************\n#*********** SSH  ******************\n#***********************************\n[sshd]\nenabled = true\n\n[sshd-ddos]\nenabled  = true\n\n\n#***********************************\n#**********  APACHE ****************\n#***********************************\n[apache-auth]\nenabled  = true\n\n[apache-badbots]\nenabled  = true\n\n[apache-noscript]\nenabled  = true\n\n[apache-overflows]\nenabled  = true\n\n[apache-nohome]\nenabled  = true\n\n[apache-botsearch]\nenabled  = true\n\n[apache-fakegooglebot]\nenabled  = true\n\n[apache-modsecurity]\nenabled  = true\n\n[apache-shellshock]\nenabled  = true\n\n#***********************************\n#**********  NGINX  ****************\n#***********************************\n[nginx-http-auth]\nenabled = true\n\n[nginx-botsearch]\nenabled = true\n\n#***********************************\n#**********  PHP    ****************\n#***********************************\n[php-url-fopen]\nenabled = true\n\n[lighttpd-auth]\nenabled = true\n\n\n#***********************************\n#**********  POSTFIX 
***************\n#***********************************\n[postfix]\nenabled  = true\n\n[postfix-rbl]\nenabled = true\n\n#***********************************\n#**********  PROXMOX ***************\n#***********************************\n[proxmox]\nenabled = true<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now create the filter for Proxmox<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/fail2ban\/filter.d\/proxmox.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>With the following content<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>[Definition]\nfailregex = pvedaemon\\[.*authentication failure; rhost=&lt;HOST&gt; user=.* msg=.*\nignoreregex =<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now you can try to log in to Proxmox more than 3 times and run this command to check that the filter matches the failed attempts<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>fail2ban-regex \/var\/log\/daemon.log \/etc\/fail2ban\/filter.d\/proxmox.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>To see which jails are enabled<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>fail2ban-client status<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>To see the status of a specific jail<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>To check that the service is active<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status fail2ban<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now create a new mail alias<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/aliases<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>fail2ban: root<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Update the alias database<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>newaliases<\/code><\/pre>\n\n\n\n<ul 
class=\"wp-block-list\"><li>Reload postfix<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/init.d\/postfix reload<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Customize the subject of the e-mails<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/etc\/fail2ban\/action.d\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Open each action file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano sendmail-whois-ipjailmatches.conf\nnano sendmail-whois-ipmatches.conf\nnano sendmail-whois-lines.conf\nnano sendmail-whois-matches.conf\nnano sendmail-whois.conf\nnano sendmail.conf\nnano sendmail-buffered.conf\nnano sendmail-common.conf\nnano sendmail-geoip-lines.conf\nnano mail.conf\nnano mail-whois.conf\nnano mail-whois-lines.conf\nnano mail-buffered.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>And change the subject prefix in each one<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>[Fail2Ban]\nX\n[fail2ban_POSEIDON]<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Restart the service<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>service fail2ban restart<\/code><\/pre>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to install Fail2ban on 
proxmox<\/p>\n","protected":false},"author":2,"featured_media":2001,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[140,3],"tags":[157,12],"class_list":["post-578","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fail2ban","category-proxmox","tag-fail2ban","tag-proxmox"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=578"}],"version-history":[{"count":2,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/578\/revisions"}],"predecessor-version":[{"id":2043,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/578\/revisions\/2043"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/2001"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}