MacRimi 2025-03-02 18:25:39 +01:00
parent 633de9bd15
commit de90a631f5


@ -105,99 +105,130 @@ lynis audit system
/> />
<h3 className="text-xl font-semibold mt-16 mb-4 flex items-center"> <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
<StepNumber number={3} /> <StepNumber number={3} />
Protect Web Interface with Fail2Ban Protect Web Interface with Fail2Ban
</h3> </h3>
<p className="mb-4"> <p className="mb-4">
Fail2Ban enhances security by monitoring login attempts and banning malicious IPs that attempt unauthorized access. Fail2Ban enhances security by monitoring login attempts and banning malicious IPs that attempt unauthorized access.
</p> </p>
<p className="mb-4"> <p className="mb-4">
<strong>How it works:</strong> Fail2Ban analyzes logs, detects repeated authentication failures, and automatically bans the source IP address to prevent further attacks. <strong>How it works:</strong> Fail2Ban analyzes logs, detects repeated authentication failures, and automatically bans the source IP address to prevent further attacks.
</p> </p>
<ul className="list-disc pl-5 mb-4"> <ul className="list-disc pl-5 mb-4">
<li>Protects the Proxmox VE web interface from brute-force attacks</li> <li>Protects the Proxmox VE web interface from brute-force attacks</li>
<li>Prevents unauthorized SSH access by banning repeated failed login attempts</li> <li>Prevents unauthorized SSH access by banning repeated failed login attempts</li>
<li>Automatically blocks malicious IPs to reduce attack vectors</li> <li>Automatically blocks malicious IPs to reduce attack vectors</li>
</ul> </ul>
<p className="text-lg mb-2">This adjustment automates the following commands:</p> <h4 className="text-lg font-semibold mt-4">Fail2Ban Configuration Overview</h4>
<CopyableCode <p className="mb-4">
code={` Fail2Ban is configured with the following security policies:
# Install Fail2Ban </p>
apt-get -y install fail2ban <ul className="list-disc pl-5 mb-4">
<li><strong>Ban Duration:</strong> 24 hours for SSH and 1 hour for Proxmox</li>
<li><strong>Max Retries:</strong> 2 failed attempts for SSH, 3 for Proxmox</li>
<li><strong>Find Time:</strong> 30 minutes for SSH, 10 minutes for Proxmox</li>
<li><strong>Log Monitoring:</strong> <code>/var/log/auth.log</code> for SSH and <code>/var/log/daemon.log</code> for Proxmox</li>
</ul>
# Configure Proxmox filter to detect failed logins <p className="text-lg mb-2">Install and configure Fail2Ban with the following commands:</p>
cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf <CopyableCode
[Definition] code={`
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.* # Install Fail2Ban
ignoreregex = apt-get -y install fail2ban
EOF `}
`} />
/>
<p className="text-lg mt-4">Define security rules for Proxmox:</p> <p className="text-lg mt-4">Configure the Proxmox filter to detect failed logins:</p>
<CopyableCode <CopyableCode
code={` code={`
# Create a jail configuration for Proxmox # Create the Fail2Ban filter for Proxmox
cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
[proxmox] [Definition]
enabled = true failregex = pvedaemon\\[.*authentication failure; rhost=<HOST> user=.* msg=.*
port = https,http,8006,8007 ignoreregex =
filter = proxmox EOF
logpath = /var/log/daemon.log `}
maxretry = 3 />
bantime = 3600
findtime = 600
EOF
`}
/>
<p className="text-lg mt-4">Set up global Fail2Ban policies:</p> <p className="text-lg mt-4">Define security rules for Proxmox:</p>
<CopyableCode <CopyableCode
code={` code={`
# Configure general Fail2Ban settings # Create a jail configuration for Proxmox
cat <<EOF > /etc/fail2ban/jail.local cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf
[DEFAULT] [proxmox]
ignoreip = 127.0.0.1 enabled = true
bantime = 86400 port = https,http,8006,8007
maxretry = 2 filter = proxmox
findtime = 1800 logpath = /var/log/daemon.log
maxretry = 3
bantime = 3600
findtime = 600
EOF
`}
/>
[ssh-iptables] <p className="text-lg mt-4">Set up global Fail2Ban policies:</p>
enabled = true <CopyableCode
filter = sshd code={`
action = iptables[name=SSH, port=ssh, protocol=tcp] # Configure general Fail2Ban settings
logpath = /var/log/auth.log cat <<EOF > /etc/fail2ban/jail.local
maxretry = 2 [DEFAULT]
findtime = 3600 ignoreip = 127.0.0.1
bantime = 32400 bantime = 86400
EOF maxretry = 2
`} findtime = 1800
/>
<p className="text-lg mt-4">Enable and restart the Fail2Ban service:</p> [ssh-iptables]
<CopyableCode enabled = true
code={` filter = sshd
# Enable and restart Fail2Ban action = iptables[name=SSH, port=ssh, protocol=tcp]
systemctl enable fail2ban logpath = /var/log/auth.log
systemctl restart fail2ban maxretry = 2
`} findtime = 3600
/> bantime = 32400
EOF
`}
/>
<p className="text-lg mt-4">Check active Fail2Ban jails:</p> <p className="text-lg mt-4">Enable and restart the Fail2Ban service:</p>
<CopyableCode <CopyableCode
code={` code={`
# Display Fail2Ban status # Enable and restart Fail2Ban
fail2ban-client status systemctl enable fail2ban
systemctl restart fail2ban
`}
/>
# Check status of Proxmox protection <p className="text-lg mt-4">Check active Fail2Ban jails:</p>
fail2ban-client status proxmox <CopyableCode
code={`
# Display Fail2Ban status
fail2ban-client status
# Check status of Proxmox protection
fail2ban-client status proxmox
# Check status of SSH protection
fail2ban-client status ssh-iptables
`}
/>
<h4 className="text-lg font-semibold mt-4">Managing Fail2Ban</h4>
<p className="mb-4">You can manually unban an IP if needed:</p>
<CopyableCode
code={`
# Unban an IP from SSH protection
fail2ban-client set ssh-iptables unbanip <IP_ADDRESS>
# Unban an IP from Proxmox protection
fail2ban-client set proxmox unbanip <IP_ADDRESS>
`}
/>
<p className="mt-4">Fail2Ban will now automatically protect your Proxmox VE and SSH access, reducing the risk of brute-force attacks.</p>
# Check status of SSH protection
fail2ban-client status ssh-iptables
`}
/>
<section className="mt-12 p-4 bg-blue-100 rounded-md"> <section className="mt-12 p-4 bg-blue-100 rounded-md">
<h2 className="text-xl font-semibold mb-2">Automatic Application</h2> <h2 className="text-xl font-semibold mb-2">Automatic Application</h2>
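Review bot: The new "Fail2Ban Configuration Overview" bullets give SSH a 24-hour ban and a 30-minute find time, but the `[ssh-iptables]` jail in the `jail.local` block sets `findtime = 3600` and `bantime = 32400`, and jail-level values override `[DEFAULT]`, so SSH is actually banned for 9 hours over a 1-hour window; only `maxretry = 2` matches. Either change the bullets to "9 hours" and "1 hour" for SSH, or drop the two overrides from the jail so the `[DEFAULT]` values (`bantime = 86400`, `findtime = 1800`) apply as documented. With `ignoreip = 127.0.0.1` and two allowed failures, an administrator's own address is easy to ban, so the text before the "Enable and restart" step should tell readers to add their management address or network to `ignoreip` first. Both `logpath` values assume file-based syslog is present; if the host logs only to the journal the jails would likely need `backend = systemd`, which is worth confirming and stating. The enclosing JSX starts before and continues after this hunk.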