This commit is contained in:
MacRimi 2025-03-02 18:25:39 +01:00
parent 633de9bd15
commit de90a631f5

View File

@ -121,84 +121,115 @@ lynis audit system
<li>Automatically blocks malicious IPs to reduce attack vectors</li> <li>Automatically blocks malicious IPs to reduce attack vectors</li>
</ul> </ul>
<p className="text-lg mb-2">This adjustment automates the following commands:</p> <h4 className="text-lg font-semibold mt-4">Fail2Ban Configuration Overview</h4>
<p className="mb-4">
Fail2Ban is configured with the following security policies:
</p>
<ul className="list-disc pl-5 mb-4">
<li><strong>Ban Duration:</strong> 24 hours for SSH and 1 hour for Proxmox</li>
<li><strong>Max Retries:</strong> 2 failed attempts for SSH, 3 for Proxmox</li>
<li><strong>Find Time:</strong> 30 minutes for SSH, 10 minutes for Proxmox</li>
<li><strong>Log Monitoring:</strong> <code>/var/log/auth.log</code> for SSH and <code>/var/log/daemon.log</code> for Proxmox</li>
</ul>
<p className="text-lg mb-2">Install and configure Fail2Ban with the following commands:</p>
<CopyableCode <CopyableCode
code={` code={`
# Install Fail2Ban # Install Fail2Ban
apt-get -y install fail2ban apt-get -y install fail2ban
`}
/>
# Configure Proxmox filter to detect failed logins <p className="text-lg mt-4">Configure the Proxmox filter to detect failed logins:</p>
cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf <CopyableCode
[Definition] code={`
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.* # Create the Fail2Ban filter for Proxmox
ignoreregex = cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
EOF [Definition]
failregex = pvedaemon\\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
EOF
`} `}
/> />
<p className="text-lg mt-4">Define security rules for Proxmox:</p> <p className="text-lg mt-4">Define security rules for Proxmox:</p>
<CopyableCode <CopyableCode
code={` code={`
# Create a jail configuration for Proxmox # Create a jail configuration for Proxmox
cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf
[proxmox] [proxmox]
enabled = true enabled = true
port = https,http,8006,8007 port = https,http,8006,8007
filter = proxmox filter = proxmox
logpath = /var/log/daemon.log logpath = /var/log/daemon.log
maxretry = 3 maxretry = 3
bantime = 3600 bantime = 3600
findtime = 600 findtime = 600
EOF EOF
`} `}
/> />
<p className="text-lg mt-4">Set up global Fail2Ban policies:</p> <p className="text-lg mt-4">Set up global Fail2Ban policies:</p>
<CopyableCode <CopyableCode
code={` code={`
# Configure general Fail2Ban settings # Configure general Fail2Ban settings
cat <<EOF > /etc/fail2ban/jail.local cat <<EOF > /etc/fail2ban/jail.local
[DEFAULT] [DEFAULT]
ignoreip = 127.0.0.1 ignoreip = 127.0.0.1
bantime = 86400 bantime = 86400
maxretry = 2 maxretry = 2
findtime = 1800 findtime = 1800
[ssh-iptables] [ssh-iptables]
enabled = true enabled = true
filter = sshd filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp] action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log logpath = /var/log/auth.log
maxretry = 2 maxretry = 2
findtime = 3600 findtime = 3600
bantime = 32400 bantime = 32400
EOF EOF
`} `}
/> />
<p className="text-lg mt-4">Enable and restart the Fail2Ban service:</p> <p className="text-lg mt-4">Enable and restart the Fail2Ban service:</p>
<CopyableCode <CopyableCode
code={` code={`
# Enable and restart Fail2Ban # Enable and restart Fail2Ban
systemctl enable fail2ban systemctl enable fail2ban
systemctl restart fail2ban systemctl restart fail2ban
`} `}
/> />
<p className="text-lg mt-4">Check active Fail2Ban jails:</p> <p className="text-lg mt-4">Check active Fail2Ban jails:</p>
<CopyableCode <CopyableCode
code={` code={`
# Display Fail2Ban status # Display Fail2Ban status
fail2ban-client status fail2ban-client status
# Check status of Proxmox protection # Check status of Proxmox protection
fail2ban-client status proxmox fail2ban-client status proxmox
# Check status of SSH protection # Check status of SSH protection
fail2ban-client status ssh-iptables fail2ban-client status ssh-iptables
`} `}
/> />
<h4 className="text-lg font-semibold mt-4">Managing Fail2Ban</h4>
<p className="mb-4">You can manually unban an IP if needed:</p>
<CopyableCode
code={`
# Unban an IP from SSH protection
fail2ban-client set ssh-iptables unbanip <IP_ADDRESS>
# Unban an IP from Proxmox protection
fail2ban-client set proxmox unbanip <IP_ADDRESS>
`}
/>
<p className="mt-4">Fail2Ban will now automatically protect your Proxmox VE and SSH access, reducing the risk of brute-force attacks.</p>
<section className="mt-12 p-4 bg-blue-100 rounded-md"> <section className="mt-12 p-4 bg-blue-100 rounded-md">
<h2 className="text-xl font-semibold mb-2">Automatic Application</h2> <h2 className="text-xl font-semibold mb-2">Automatic Application</h2>
<p> <p>