-
Install Fail2Ban:
sudo apt-get update sudo apt-get install fail2ban
-
Install UFW (Uncomplicated Firewall):
sudo apt-get install ufw
-
Configure UFW:
sudo ufw allow 8006 sudo ufw allow 443 sudo ufw allow 80 sudo ufw allow 69 (Replace with your ssh port) sudo ufw deny from any to any port 22 sudo ufw enable
-
Create
jail.local
configuration file:Open the
jail.local
file for editing:sudo nano /etc/fail2ban/jail.local
Add the following configuration for Proxmox:
[proxmox] enabled = true port = https,http,8006 filter = proxmox banaction = iptables backend = systemd maxretry = 5 findtime = 1d bantime = 1d [sshd] enabled = true filter = sshd banaction = iptables backend = systemd maxretry = 3 findtime = 1d bantime = 1d
-
Create
proxmox.conf
filter file:Open the
proxmox.conf
file for editing:sudo nano /etc/fail2ban/filter.d/proxmox.conf
Add the following configuration:
[Definition] failregex = pvedaemon\[.*authentication (verification )?failure; rhost=<HOST> user=.* msg=.* ignoreregex =
-
Restart Fail2Ban:
sudo systemctl restart fail2ban
Fail2Ban is now configured to monitor the specified ports and log files for suspicious activity. If an IP address exceeds the defined threshold, it will be automatically banned for the specified duration.
UFW is configured to allow traffic on ports 8006, 443, 80, and 11797 while denying SSH access to root. Adjust the configuration parameters as needed for your specific requirements.