Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

General | Install Fail2Ban for all DietPi systems, as default. #90

Closed
Fourdee opened this issue Oct 13, 2015 · 7 comments
Closed

General | Install Fail2Ban for all DietPi systems, as default. #90

Fourdee opened this issue Oct 13, 2015 · 7 comments
Labels
Enhancement 💨

Comments

@Fourdee
Copy link
Collaborator

Fourdee commented Oct 13, 2015

http://fuzon.co.uk/phpbb/viewtopic.php?f=9&t=123&p=436#p428

NB: prevents brute-force attacks by banning IP address
@Fourdee Fourdee added this to the Software Requests milestone Oct 13, 2015
@Fourdee
Copy link
Collaborator Author

Fourdee commented Oct 13, 2015

The following NEW packages will be installed:
fail2ban libpython-stdlib libpython2.7-minimal libpython2.7-stdlib
libsqlite3-0 mime-support python python-minimal python2.7 python2.7-minimal
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,377 kB of archives.
After this operation, 16.6 MB of additional disk space will be used.

Pretty chunky due to python pre-reqs, will add as an optional installation option in DietPi-Software.

@Fourdee
Copy link
Collaborator Author

Fourdee commented Oct 13, 2015

NB: Requires rsyslog (so SSH can log to /var/log/auth.log via syslog), and SSh server logging enabled.

@Fourdee
Copy link
Collaborator Author

Fourdee commented Oct 13, 2015

Done, available in next release (v97).

@Fourdee Fourdee closed this as completed Oct 13, 2015
@joaofl
Copy link
Contributor

joaofl commented Apr 20, 2019

@Fourdee
I tried to install it today and it did not work out of the box. Investigating, I got to know rsyslog was required, and it is still not on the install script. Should I add it?

@MichaIng
Copy link
Owner

MichaIng commented Apr 20, 2019
edited
Loading

@joaofl
rsyslog is not required as long as journald is used to check for SSH authentication failures. And our installer pre-configures fail2ban to do so.

However does the installer break at some point? Will try it on test system.

Indeed some changes have been done to the Stretch fail2ban, staring with the logging system from numerical:

# Option: loglevel
# Notes.: Set the log level output.
#         1 = ERROR
#         2 = WARN
#         3 = INFO
#         4 = DEBUG
# Values: [ NUM ]  Default: 1
#
loglevel = 3

to words with more levels:

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = INFO

Maintainer defaults are what we want, will switch to keep the config file, leave the logging mode and only adjust the settings that we need (syslog/journald).

@MichaIng MichaIng mentioned this issue Apr 20, 2019
Merged
1 task
@MichaIng
Copy link
Owner

@joaofl
It is really only the loglevel settings that you need to change (or remove to revert to defaults):
In /etc/fail2ban/fail2ban.log:
loglevel = 3 => loglevel = INFO

I reworked our installed a bid and fixed this: #2727

@joaofl
Copy link
Contributor

joaofl commented Apr 20, 2019

@MichaIng Thanks for the quick fix. I'll give it a try soon.

@MichaIng MichaIng mentioned this issue Apr 29, 2019
Merged
@MichaIng MichaIng mentioned this issue May 11, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement 💨
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Fourdee @joaofl @MichaIng