Add system service fail2ban
Closed, Invalid · Public · FEATURE REQUEST

Description

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

Just install the fail2ban Debian package and provide a configuration node.

Useful for cloud-based VyOS instances.

https://www.fail2ban.org/

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

c-po updated the task description.
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po reopened this task as In progress.
c-po triaged this task as Normal priority.

Kim, can you merge this into current?
Thanks!

What to do with this task? Requests were closed.

Closed b/c I wanted to rewrite it using vyos-1x command package.

Proper firewalling will be better...

Straight firewalling won't help if the logon attempts still come from a presumably trusted LAN. I like the idea of at least a temporary lockout to prevent mass attempts when someone is running a big password list, though the utility of this naturally drops if VyOS can be fingerprinted before the attempt and the instance runs with a default password, but that's a sysadmin problem.

Any chance this will be revived for 1.3 or 2.0?
Any amount of firewalling is not gonna stop brute forcing.

If this will not be revived, will there at least be a feature with some parity to block after X amount of failed logins for Y amount of time that is increased by a factor of Z amount for each additional failed login?

@c-po Why stop the implementation of this function? My original idea was to implement the automatic configuration and operation of the service in vyos-1x. It seems that you already have an idea?

hard added a subscriber: hard.

+1 for implementation

For "SSH" we have dynamic-protection

vyos@r14# set service ssh dynamic-protection  
Possible completions:
+  allow-from           Always allow inbound connections from these systems
   block-time           Block source IP in seconds. Subsequent blocks increase by a
                        factor of 1.5 (default: 120)
   detect-time          Remember source IP in seconds before reset their score (default:
                        1800)
   threshold            Block source IP when their cumulative attack score exceeds
                        threshold (default: 30)
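
Added example, not part of the original thread and not VyOS code: a simplified Python model of the scoring described in the help text above (threshold, detect-time, block-time growing by a factor of 1.5), which is also the "X failures, Y seconds, factor Z" behaviour asked for earlier in the thread. The per-failure score of 10, the point from which detect-time is counted, the score reset after a block, and the names `DynamicProtectionModel` and `simulate` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class DynamicProtectionModel:
    threshold: int = 30          # default from the help text
    block_time: float = 120.0    # seconds, default from the help text
    detect_time: float = 1800.0  # seconds, default from the help text
    factor: float = 1.5          # growth of subsequent blocks, from the help text
    attack_score: int = 10       # ASSUMPTION: score per failed login, not stated on the page
    allow_from: tuple = ()       # CIDR strings that are never blocked
    _state: dict = field(default_factory=dict)

    def _allowed(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(net) for net in self.allow_from)

    def failed_login(self, now, ip):
        """Record one failed login at `now` (seconds); return the block length issued, or 0.0."""
        if self._allowed(ip):
            return 0.0
        s = self._state.setdefault(ip, {"score": 0, "last": now, "blocks": 0, "until": 0.0})
        if now < s["until"]:
            return 0.0                      # still blocked: traffic never reaches sshd
        if now - s["last"] > self.detect_time:
            s["score"] = 0                  # ASSUMPTION: detect-time counts from the last failure
        s["last"] = now
        s["score"] += self.attack_score
        if s["score"] <= self.threshold:    # "exceeds threshold", read literally
            return 0.0
        length = self.block_time * self.factor ** s["blocks"]
        # ASSUMPTION: the score restarts at 0 once a block has been issued
        s.update(score=0, blocks=s["blocks"] + 1, until=now + length)
        return length

def simulate(model, events):
    """events: (time_s, ip) pairs in time order; returns [(time_s, ip, block_s)] per block issued."""
    issued = []
    for now, ip in events:
        length = model.failed_login(now, ip)
        if length:
            issued.append((now, ip, length))
    return issued

# Constructed input: one source failing every second, one user mistyping every 2000 s.
BURST = [(t, "203.0.113.5") for t in range(310)]
TYPOS = [(t, "198.51.100.7") for t in range(0, 10001, 2000)]

if __name__ == "__main__":
    for row in simulate(DynamicProtectionModel(), sorted(BURST + TYPOS)):
        print(row)
```

With the defaults, the burst source is blocked for 120, 180 and then 270 seconds, while the occasional mistyped password never accumulates enough score inside detect-time to trigger a block.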