inettgmbh / fail2ban-proxmox-backup-server Goto Github PK

View Code? Open in Web Editor NEW

36.0 3.0 8.0 25 KB

Fail2Ban for Proxmox Backup Server (PBS)

License: GNU Affero General Public License v3.0

fail2ban pbs proxmox proxmox-backup proxmox-backup-server

fail2ban-proxmox-backup-server's Introduction

fail2ban-proxmox-backup-server

Fail2Ban for Proxmox Backup Server (PBS)

filter and jail for fail2ban protecting a Proxmox Backup Server (PBS) from brute force attacks to the API/WebGUI

Requirements

fail2ban - see fail2ban requirements
fail2ban needs iptables.

Installation

Install fail2ban on a Proxmox Backup Server

apt -y update; apt -y install fail2ban iptables

Add the configs from this repository

# Download or clone this repository
git clone https://github.com/inettgmbh/fail2ban-proxmox-backup-server.git

# Put filter.d/proxmox-backup-server.conf contents to /etc/fail2ban/filter.d/proxmox-backup-server.conf
cp filter.d/proxmox-backup-server.conf /etc/fail2ban/filter.d/proxmox-backup-server.conf

# Put jail.d/proxmox-backup-server.conf to /etc/fail2ban/jail.d/proxmox-backup-server.conf
cp jail.d/proxmox-backup-server.conf /etc/fail2ban/jail.d/proxmox-backup-server.conf

# Restart Fail2Ban Service
systemctl restart fail2ban.service

Check if new jail is active

fail2ban-client status

Status
|- Number of jail:	2
`- Jail list:	proxmox-backup-server, sshd

fail2ban-client status proxmox-backup-server

Status for the jail: proxmox-backup-server
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- File list:	/var/log/proxmox-backup/api/auth.log
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:

fail2ban-proxmox-backup-server's People

Contributors

Stargazers

Watchers

Forkers

vpsmaster-eu fingerlessglov3s secit-pl davlaw 7u4 egorstezhka r3n3g scriptsandthings juliokele

fail2ban-proxmox-backup-server's Issues

Adding expression to also block invalid accounts

Thanks for that helpful piece of code! You might consider adapting the regex expression to also block login attempts to invalid accounts.

Cheers

__suffix_failed_login = (AUTH_ERR|invalid credentials|user account disabled or expired).?

PBS3 not working

Could you please make this adjustment in the .conf file?

I wasn't able to get it working until I did.

Not blockin on my PBS

Hi.

Thanks for the code, but it's not blocking these on my PBS 2.1-5:
Feb 17 21:01:49 pbs102 proxmox-backup-proxy[1007]: authentication failure; rhost=[::ffff:192.99.233.144]:58070 msg=ticket with invalid signature
Feb 17 21:01:52 pbs102 proxmox-backup-proxy[1007]: GET /api2/json/admin/datastore: 401 Unauthorized: [client [::ffff:192.99.233.144]:58070] authentication failed - ticket with invalid signature

I dit replicate your .conf files in my ./jail.d/ and ./filter.d/, restarted with "systemctl restart fail2ban", and I can see your jail with "fail2ban-client status proxmox-backup-server".
I can also manually block IP, or subnet in this case, using "fail2ban-client set proxmox-backup-server banip 51.79.79.0/24".

What am I missing?

What will I see when my IP is banned?

What will I see when my IP is banned?
I tried 3 times wrong password and check the status and it shows my Banned IP
then I keep trying the wrong password and the action on PBS GUI ( :8007 ) is still the same
then I type in correct password and logined!!
and check the status and it shows my Banned IP (same as above)
How do I know that it's working?

How can I add ignore IP? how to unban IPs? how to ban IP permenently?

Not Working in PBS 2.4

hi @marcogabriel , I ran into your post a few days ago and try to replicate it in my PBS without success, apparently change the code in version 2.4, and gives an error in the iptable and can not run the jail, marks the ip as banned but can continue to use, you would have an idea of how to solve it?

Thank you