From c60e3dc8428ebb5dddd728d9a1f2c185845dd376 Mon Sep 17 00:00:00 2001 From: jvolkenant Date: Fri, 18 Jan 2019 06:36:43 -0800 Subject: [PATCH] fail2ban ssh/ssh-ddos and sasl are now sshd and postfix-sasl (fixes #1453, merges #1454) * fail2ban ssh/ssh-ddos and sasl are now sshd and postfix-sasl * specified custom datepattern for miab-owncloud.conf --- CHANGELOG.md | 7 +++++++ conf/fail2ban/filter.d/miab-owncloud.conf | 1 + conf/fail2ban/jails.conf | 7 ++----- setup/system.sh | 1 + 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb64785..298791b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ CHANGELOG ========= +In Development +-------------- + +System: + +* Missing brute force login attack prevention (fail2ban) filters which stopped working on Ubuntu 18.04 were added back. + v0.40 (January 12, 2019) ------------------------ diff --git a/conf/fail2ban/filter.d/miab-owncloud.conf b/conf/fail2ban/filter.d/miab-owncloud.conf index a9a13f2..709f8ba 100644 --- a/conf/fail2ban/filter.d/miab-owncloud.conf +++ b/conf/fail2ban/filter.d/miab-owncloud.conf @@ -3,5 +3,6 @@ before = common.conf [Definition] +datepattern = %%Y-%%m-%%d %%H:%%M:%%S failregex=Login failed: .*Remote IP: '[\)'] ignoreregex = diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf index 6c6fee3..952dc35 100644 --- a/conf/fail2ban/jails.conf +++ b/conf/fail2ban/jails.conf @@ -69,13 +69,10 @@ action = iptables-allports[name=recidive] # So the notification is ommited. This will prevent message appearing in the mail.log that mail # can't be delivered to fail2ban@$HOSTNAME. -[sasl] +[postfix-sasl] enabled = true -[ssh] +[sshd] enabled = true maxretry = 7 bantime = 3600 - -[ssh-ddos] -enabled = true diff --git a/setup/system.sh b/setup/system.sh index 2305ccf..ccc6023 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -339,6 +339,7 @@ systemctl restart systemd-resolved # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc. rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore +rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config cat conf/fail2ban/jails.conf \ | sed "s/PUBLIC_IP/$PUBLIC_IP/g" \ | sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \