From 8e0ca884216f78082ad5b50ef27dc024bb1699da Mon Sep 17 00:00:00 2001 From: RIVIERE Fabien Date: Mon, 30 Dec 2019 23:46:17 +0100 Subject: [PATCH] Add systemD/journalD sftpgo Fail2ban configuration --- README.md | 4 +++- fail2ban/filters/sftpgo.conf | 15 +++++++++++++++ fail2ban/jails/sftpgo.conf | 10 ++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 fail2ban/filters/sftpgo.conf create mode 100644 fail2ban/jails/sftpgo.conf diff --git a/README.md b/README.md index d6455e98..5e950c7e 100644 --- a/README.md +++ b/README.md @@ -513,7 +513,9 @@ The logs can be divided into the following categories: - `login_type` string. Can be `public_key`, `password` or `no_auth_tryed` - `error` string. Optional error description -The **connection failed logs** can be used for better integration in tools such as [Fail2ban](http://www.fail2ban.org/) +### Brute force protection + +The **connection failed logs** can be used for better integration in tools such as [Fail2ban](http://www.fail2ban.org/). Example of [jails](./fail2ban/jails) and [filters](./fail2ban/filters) working with systemD/journalD are available in fail2ban directory. ## Acknowledgements diff --git a/fail2ban/filters/sftpgo.conf b/fail2ban/filters/sftpgo.conf new file mode 100644 index 00000000..ddf7a270 --- /dev/null +++ b/fail2ban/filters/sftpgo.conf @@ -0,0 +1,15 @@ +[INCLUDES] +before = common.conf + +[DEFAULT] +_daemon = sftpgo + +[Definition] + +# By default, first authenticate method is public_key and must be excluded from the filter to avoid false positives failed attemps +failregex = ^.*"sender":"connection_failed","client_ip":"","username":".*","login_type":"password".*"}$ + +ignoreregex = + +[Init] +journalmatch = _SYSTEMD_UNIT=sftpgo.service + _COMM=sftpgo diff --git a/fail2ban/jails/sftpgo.conf b/fail2ban/jails/sftpgo.conf new file mode 100644 index 00000000..f7f7643c --- /dev/null +++ b/fail2ban/jails/sftpgo.conf @@ -0,0 +1,10 @@ +[sftpgo] +enabled = true +port = 2022 +filter = sftpgo +action = iptables-allports[name=sftpgo] +logpath = +backend = systemd +maxretry = 5 +bantime = 600 +findtime = 86400