[Dxspider-support] Lockout a user and fail2ban
Joaquin .
joaquin at cronux.net
Wed May 13 16:17:59 CEST 2020
Hi,
For some time I have been thinking about the possibility of locking out IPs,
and reading the comments on the mailing list encouraged me to do this
little test, which seems to work well.
I am passing it along in case it is useful to someone. I think it can be
optimized; I am a simple learner in Perl :-)
Kin, EA3CV
-------------- next part --------------
I have modified the set and unset lockout.pl scripts to add IP lock/unlock functionality using fail2ban.
It is implemented on Debian/Ubuntu.
Steps detailing its implementation:
1. Create a new jail for DXSpider
root@ea3cv-cluster3:~# cd /etc/fail2ban/
If the jail.local file does not exist, we create it:
nano jail.local
We will add:
[dxspider]
enabled = true
filter = dxspider
action = iptables[name=DXSPIDER, port="7300", protocol=tcp]
logpath = /var/log/dxspider.log
bantime = -1
maxretry = 2
If the jail.local file already exists, just add the above.
2. We create a dummy filter
root@ea3cv-cluster3:~# cd /etc/fail2ban/filter.d
nano dxspider.conf
[Definition]
failregex = ^\[\w{1,3}.\w{1,3}.\d{1,2}.\d{1,2}:\d{1,2}:\d{1,2} \d{1,4}. \[error] \[client.<HOST>].File does not exist:.{1,40}roundcube.{1,200}
ignoreregex =
3. We create a dummy log file
root@ea3cv-cluster3:~# touch /var/log/dxspider.log
4. We restart the service
root@ea3cv-cluster3:~# service fail2ban restart
5. We modify sudo so that it can execute the IP lock/unlock commands
root@ea3cv-cluster3:~# cd /etc/sudoers.d
root@ea3cv-cluster3:~# nano sysop
########################################
# Security policy for user "sysop" #
# Only commands are allowed to run: #
# fail2ban-client #
########################################
#### GLOBAL CONFIGURATION
# Alias to define the server hostname
Host_Alias SERVER = localhost, ea3cv-cluster3
# Default setting for passwords
Defaults passwd_tries = 3, passwd_timeout = 5
# Default directory and file mask
Defaults@SERVER umask = 0022
# Users
# Alias to define the user "pepe"
User_Alias USR_SYSOP = sysop
# Commands
# Aliases to define the commands
Cmnd_Alias CMD_FAIL2BAN_CLIENT = /usr/bin/fail2ban-client
# Rules
USR_SYSOP SERVER = NOPASSWD:CMD_FAIL2BAN_CLIENT
Note: The variable "Host_Alias SERVER" must be changed according to the content of the hostname of the machine.
We will execute the command:
root@ea3cv-cluster3:~# chmod 440 *
6. In local_cmd/set we will copy the file set_lockout.pl as lockout.pl
7. In local_cmd/unset we will copy the file unset_lockout.pl as lockout.pl
With the iptables command we can see how when executing set/lockout XX0XYZ with the IP address 192.168.1.36, it will appear in f2b-DXSPIDER
root@ea3cv-cluster3:~# iptables -nvL
Chain f2b-DXSPIDER (1 references)
pkts bytes target prot opt in out source destination
6 268 REJECT all -- * * 192.168.1.36 0.0.0.0/0 reject-with icmp-port-unreachable
94 3862 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Ready to go!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: set_lockout.pl
Type: application/x-perl
Size: 1304 bytes
Desc: not available
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20200513/ea1231c8/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unset_lockout.pl
Type: application/x-perl
Size: 1394 bytes
Desc: not available
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20200513/ea1231c8/attachment-0003.bin>
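
Added example, not the attached set_lockout.pl/unset_lockout.pl scripts or any DXSpider code: a shell version of the ban/unban call that steps 5 to 7 make possible, with the address validated before it reaches sudo. The function names and the DXSPIDER_APPLY variable are assumptions; the jail name and the fail2ban-client path are taken from the configuration in the message.

```shell
#!/bin/sh
# Added example (not the attached Perl scripts): ban/unban one IPv4 address
# in the "dxspider" jail through the sudo rule from step 5.
JAIL=dxspider                  # jail name from jail.local above
F2B=/usr/bin/fail2ban-client   # path from the sudoers Cmnd_Alias above

# Succeed only for a strict dotted quad: four octets, 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad chars, empty octet
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the command for "ban" or "unban"; fail on anything else.
f2b_command() {
    case "$1" in
        ban)   verb=banip ;;
        unban) verb=unbanip ;;
        *)     return 2 ;;
    esac
    valid_ipv4 "$2" || return 1
    printf 'sudo -n %s set %s %s %s\n' "$F2B" "$JAIL" "$verb" "$2"
}

# Dry run by default; set DXSPIDER_APPLY=1 (assumed name) to execute.
lockout_ip() {
    cmd=$(f2b_command "$1" "$2") || { echo "refused: $1 $2" >&2; return 1; }
    if [ "${DXSPIDER_APPLY:-0}" = 1 ]; then
        $cmd    # word splitting is safe: fixed words plus a validated address
    else
        printf '%s\n' "$cmd"
    fi
}
```

The sudoers rule in step 5 allows sysop to run every fail2ban-client subcommand without a password; a Cmnd_Alias that lists only the `set dxspider banip *` and `set dxspider unbanip *` forms is narrower.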