This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Fail2ban for Sentora (Centos 7)
#1
Fail2ban for Sentora (Centos 7)
Hi there,

I have made a little script to install fail2ban for Sentora Centos 7.

The script will do the follow:

- Disable firewalld as fail2ban for Sentora will use iptables
- install iptables
-configuring common ports for iptables (please check if you have custom ports open)
- Install fail2ban
- Download de files for Sentora from my server
- Install the filters for Sentora
- Replace the jail.local for Sentora
- start iptbales and fail2ban

Please read the follow:

Only for centos 7 for now
Not possible to use firewalld after install
Make sure you add your own ports to iptables after install
Test it first

Code:
bash <(curl -L -Ss http://park.webimproved.nl/fail2ban/install.sh)

It comes with the following jails:

Proftpd
Ssh
Apache
Dovecot
Postfix

You may want tot edit the jail.local file in /etc/fail2ban tot enable email notification. Here you can also edit the ban times, retry failers and search time.
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by: Tango
#2
RE: Fail2ban for Sentora
(06-28-2015, 07:06 AM)bbspike Wrote: Hi there,

I have made a little script to install fail2ban for Sentora Centos 7.

The script will do the follow:

- Disable firewalld as fail2ban for Sentora will use iptables
- install iptables
-configuring common ports for iptables (please check if you have custom ports open)
- Install fail2ban
- Download de files for Sentora from my server
- Install the filters for Sentora
- Replace the jail.local for Sentora
- start iptbales and fail2ban

Please read the follow:

Only for centos 7 for now
Not possible to use firewalld after install
Make sure you add your own ports to iptables after install
Test it first

Code:
bash <(curl -L -Ss http://park.webimproved.nl/fail2ban/install.sh)

It comes with the following jails:

Proftpd
Ssh
Apache
Dovecot
Postfix

You may want tot edit the jail.local file in /etc/fail2ban tot enable email notification. Here you can also edit the ban times, retry failers and search time.

Hi! I´ll paste my log: fail2ban is working, but some errors during installation appeared:

Code:
Checking that minimal requirements are ok
Detected : CentOs  7  x86_64
Ok.

Failed to issue method call: Unit firewalld.service not loaded.


ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'
libkmod: kmod_module_new_from_loaded: could not open /proc/modules: No such file or directory
Error: could not get list of modules: No such file or directory

Installing : kernel-.10.0-229.11.1.el7.x86_64                                                                                                            2/10
grubby fatal error: unable to find a suitable template
Reply
Thanks given by:
#3
RE: Fail2ban for Sentora
Seem issue with centos 7. You might need to disable firewallD & install iptables instead.

M B
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Freelance AWS Certified Architect & SysOps// DevOps

10$ free to start your VPS
Reply
Thanks given by:
#4
RE: Fail2ban for Sentora
(09-10-2015, 05:56 PM)Me.B Wrote: Seem issue with centos 7. You might need to disable firewallD & install iptables instead.

M B

The script should have disbable firewalld and install iptabels automaticly.

It seems that firewallD was never used in the first place in youre setup. Maybe yoiu ever install CSF firewall or something?
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by:
#5
RE: Fail2ban for Sentora
Hi!

Yes, my dedicated Centos 7 template, installs it MINIMAL (which is great).
Reply
Thanks given by:
#6
RE: Fail2ban for Sentora
Oké. The script will nog work correctly then. Its a low tech script
Wich assumes that u use the official minimal centos 7 ISO with firewalld installed.
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by:
#7
RE: Fail2ban for Sentora
Hello all,

If you ever used my script installer for fail2ban please update your /etc/fail2ban/jail.local with the following:

Code:
[DEFAULT]
bantime  = 3600
maxretry = 4
destemail =
ignoreip = 127.0.0.0/8
action = iptables

[ssh]
enabled  = true
action = iptables[name=SSH, port="22"]
port     = ssh
filter   = sentora-ssh
logpath  = /var/log/secure
maxretry = 6
bantime  = 360000

# the sentora-apache filter covers apache auth and overflow
[apache]
enabled  = true
action = iptables-multiport[name=Postfix, port="80,443"]
port     = http,https
filter   = sentora-apache
logpath  = /var/sentora/logs/domains/*/*error.log
maxretry = 6

#sentora
uses also de secure log for proftpd.
[proftpd]
enabled  = true
action = iptables[name=FTP, port="21"]
port     = ftp,ftp-data,ftps,ftps-data
filter   = sentora-proftpd
logpath  = /var/log/secure
maxretry = 5

# the sentora-postfix filter covers postfix and sasl
[postfix]
enabled  = true
action = iptables-multiport[name=Postfix, port="25,465"]
port     = smtp,ssmtp
filter   = sentora-postfix
logpath  = /var/log/maillog
maxretry = 10

# to be fixed yet
#[control-panel]
#enabled
 = true
#port
    = http,https
#filter
  = sentora-control
#logpath
 = /var/log/httpd/error_log
#maxretry
= 4
#bantime
 = 864000
#findtime
= 3600

[dovecot]
enabled  = true
action = iptables-multiport[name=Dovecot, port="143,993,110,995"]
port     = imap,imaps,pop3,pop3s
filter   = sentora-dovecot
logpath  = /var/log/dovecot-info.log
maxretry = 10

There where some flaws and are fixed now.

Don't forget:

Code:
service fail2ban restart
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by:
#8
RE: Fail2ban for Sentora
¡Thanks! Just Dont forget to:

Code:
service fail2ban restart

and

Code:
service fail2ban status

to check status.
Reply
Thanks given by: bbspike
#9
RE: Fail2ban for Sentora
(10-19-2015, 06:52 PM)Tango Wrote: ¡Thanks! Just Dont forget to:

Code:
service fail2ban restart

and

Code:
service fail2ban status

to check status.

Absoluely right! Updated the post. Tnx.
[Image: logo2.png]

My being on this forum is all personal and all is done here by me has nothing to with the company Web Improved I work for Smile
Reply
Thanks given by:
#10
RE: [HOW-TO] Fail2ban for Sentora (Centos 7)
Hi everyone Smile
Can someone adapt this for Ubuntu server (14.04 LTS) please ? I'm new to this and would like to have the security interface integrated in Sentora's Panel for easier management.

Thanks alot!
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Secure Sentora With SSLForFree Chris L 1 4 ,623 01-22-2020, 09:19 PM
Last Post: ralphharder
[How To] Update from PHP v5.4.16 to v5.6.31 (Includes suhosin patch) [CentOS] betatester3.0 5 16 ,802 03-18-2019, 01:23 AM
Last Post: BigBang
Timeout for Sentora Admin Panel minufreelance 12 44 ,996 11-24-2018, 12:33 PM
Last Post: fearworks

Forum Jump:


Users browsing this thread: 1 Guest(s)