Fri, 13th Feb 2015 EDIT: Now fail2ban also works with dovecot and postfix… 😉
I assume you’re using Shorewall + Fail2ban to tighten your sshd security and protect yourself from brute-force attacks. I wrote about basic Shorewall configuration and installation here. Installation of fail2ban is ridiculously simple. Install. Enable. Configure. Start.
Configuring the two of them together, however, can be tricky. I’ve done it. I created backups of the .conf files, and after today’s fail2ban upgrade wiped my .conf file I decided to make them public.
Here is my shorewall.conf adjusted so that it works with Fail2ban:
Here is my jail.conf edited to work with Shorewall.
Some fiddling with jail.conf will be necessary (recipient’s e-mail address, ban time, sshd port etc.). Shorewall’s config is just about ready to use as it is. If you want to make it work with services other than sshd, postfix, postfix sasl and dovecot – you’re on your own. More fiddling with jail.conf (and possibly other .conf files) will be required.
I will try keeping them updated.
Current files work:
Sat Aug 1 07:52:40 IST 2015
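The settings mentioned above (recipient address, ban time, retry count, banning through Shorewall) look like this when kept in an override file. This is an added example, not the author's jail.conf; the jail name, e-mail addresses, admin network and log path are assumptions. It uses /etc/fail2ban/jail.local because fail2ban reads that file after jail.conf and a package upgrade does not replace it.

```ini
# /etc/fail2ban/jail.local  (added example; read after jail.conf, overrides it)

[DEFAULT]
# Never ban yourself: loopback plus an assumed admin network (constructed value).
ignoreip = 127.0.0.1/8 192.0.2.0/24
# Seconds an address stays banned.
bantime  = 600
# Window, in seconds, in which failures are counted.
findtime = 600
# Failures before a ban; the sample mail below reports a ban after 3 attempts.
maxretry = 3

# Hypothetical jail name; the filter is fail2ban's stock sshd filter.
[ssh-shorewall]
enabled = true
filter  = sshd
# Assumed log path (Debian/Ubuntu); RHEL-family systems log to /var/log/secure.
logpath = /var/log/auth.log
# "shorewall" is the stock action in action.d/shorewall.conf: it bans with
# "shorewall <blocktype> <ip>" and unbans with "shorewall allow <ip>".
# "sendmail-whois" sends the start/stop/ban mails; name= sets the "SSH" label.
action  = shorewall
          sendmail-whois[name=SSH, dest=admin@example.com, sender=fail2ban@example.com]

# On the Shorewall side, the header of action.d/shorewall.conf asks for
# BLACKLISTNEWONLY=No in /etc/shorewall/shorewall.conf, so that a ban also
# cuts connections that are already established (the option name depends on
# the Shorewall version; check shorewall.conf(5) for yours).
```

After editing, `fail2ban-client reload` applies the file and `fail2ban-client status ssh-shorewall` lists the addresses currently banned by that jail.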
Examples of info that fail2ban e-mails to the user:
[Fail2Ban] SSH: started on icsserver.loc
Hi,
The jail SSH has been started successfully.
Regards,
Fail2Ban
[Fail2Ban] SSH: stopped on icsserver.loc
Hi,
The jail SSH has been stopped.
Regards,
Fail2Ban
[Fail2Ban] SSH: banned ZZZ.XXX.YYY.ABC from icsserver.loc
Hi,
The IP ZZZ.XXX.YYY.ABC has just been banned by Fail2Ban after
3 attempts against SSH.

Here is more information about ZZZ.XXX.YYY.ABC:
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# http://www.arin.net/public/whoisinaccuracy/index.xhtml
##
# The following results may also be obtained via:[Snip]Whois info[/Snip]
Regards,
Fail2Ban
Cheers.
Andrzej