Fail2ban for Sentora (Centos 7)

[kmlreverser]

Hi,
first Sorry, my english isn't good,
After install if you se this errors in your log: cat /var/log/messages |grep fail2ban |grep ERROR |cut -d: -f 4
ERROR  Found no accessible config files for 'fail2ban' under /etc/fail2ban
ERROR  No section
ERROR  Found no accessible config files for 'filter.d/sentora-ssh' under /etc/fail2ban
ERROR  Unable to read the filter
ERROR  Errors in jail 'ssh'. Skipping...
ERROR  Found no accessible config files for 'filter.d/sentora-apache' under /etc/fail2ban
ERROR  Errors in jail 'apache'. Skipping...
ERROR  Found no accessible config files for 'filter.d/sentora-proftpd' under /etc/fail2ban
ERROR  Errors in jail 'proftpd'. Skipping...
ERROR  Found no accessible config files for 'filter.d/sentora-postfix' under /etc/fail2ban
ERROR  Errors in jail 'postfix'. Skipping...
ERROR  Found no accessible config files for 'filter.d/sentora-dovecot' under /etc/fail2ban
ERROR  Errors in jail 'dovecot'. Skipping...
ERROR  Found no accessible config files for 'action.d/iptables' under /etc/fail2ban
ERROR  Error in action definition iptables[name=SSH, port="22"]
ERROR  Found no accessible config files for 'action.d/iptables-multiport' under /etc/fail2ban
ERROR  Error in action definition iptables-multiport[name=Postfix, port="80,443"]
ERROR  Error in action definition iptables[name=FTP, port="21"]
ERROR  Error in action definition iptables-multiport[name=Postfix, port="25,465"]
ERROR  Error in action definition iptables-multiport[name=Dovecot, port="143,993,110,995"]

You need to force reinstall fail2ban:

for rpm in $(rpm -qa |grep fail2ban)
do
yum reinstall $rpm -y
done

After need to run the script of bbspike (Very thanks for you script )

echo ""
echo "############################################################"
echo "#  Fail2Ban for Sentora 1.0.0  #"
echo "############################################################"

echo -e "\nChecking that minimal requirements are ok"

# Ensure the OS is compatible with the launcher
if [ -f /etc/centos-release ]; then
   OS="CentOs"
   VERFULL=$(sed 's/^.*release //;s/ (Fin.*$//' /etc/centos-release)
   VER=${VERFULL:0:1} # return 6 or 7
elif [ -f /etc/lsb-release ]; then
   OS=$(grep DISTRIB_ID /etc/lsb-release | sed 's/^.*=//')
   VER=$(grep DISTRIB_RELEASE /etc/lsb-release | sed 's/^.*=//')
else
   OS=$(uname -s)
   VER=$(uname -r)
fi
ARCH=$(uname -m)

echo "Detected : $OS  $VER  $ARCH"

if [[ "$OS" = "CentOs" && ("$VER" = "6" || "$VER" = "7" ) ]] ; then
   echo "Ok."
else
   echo "Sorry, this OS is not supported."
   exit 1
fi
systemctl stop firewalld
systemctl mask firewalld
yum install unzip
yum install wget
yum install iptables-services
systemctl enable iptables
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
service iptables save
yum install fail2ban
mkdir /etc/sentora/panel/modules/fail2ban
cd /etc/sentora/panel/modules/fail2ban
wget http://park.webimproved.nl/fail2ban/sent...il2ban.zip
unzip sentora-fail2ban.zip
cp -f /etc/sentora/panel/modules/fail2ban/centos.jail.local /etc/fail2ban/
mv /etc/fail2ban/centos.jail.local /etc/fail2ban/jail.local
cp -f /etc/sentora/panel/modules/fail2ban/*.conf /etc/fail2ban/filter.d/
chmod 777 /etc/fail2ban/jail.local
cp -f /etc/sentora/panel/modules/fail2ban/sentora-fail2ban-centos /etc/cron.daily/
chkconfig --level 23 fail2ban on
systemctl start iptables
service fail2ban start

after install check if you fail2ban its running:
Exec: systemctl status fail2ban.service

You see:
● fail2ban.service - Fail2Ban Service
  Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
  Active: active (running) since jue 2016-02-04 22:58:44 CET; 4min 54s ago
    Docs: man:fail2ban(1)
 Process: 121255 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=0/SUCCESS)
Main PID: 121258 (fail2ban-server)
  CGroup: /system.slice/fail2ban.service
          └─121258 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b

[americanninja]

Hi everyone
Can someone adapt this for Ubuntu server (14.04 LTS) please ? I'm new to this and would like to have the security interface integrated in Sentora's Panel for easier management.

Thanks alot!

I find DigitalOcean write ups to be the best on the net. Have a look at this one. I just setup my Ubuntu 14.04 running Sentora 1.0.3 with this guide and things are working great!

https://www.digitalocean.com/community/t...untu-14-04

[FernandoGarcia]

Hi!

Someone can point me the custom filter for Sentora control panel please?

Best regards.

[Jettaman]

Hello everyone,


I just wanted to add that I am writing a bash script to install Fail2ban on CentOS & Ubuntu for Sentora. This script will add custom filters to work with Sentora install and all versions of supported services like (Apache, Dovecot, Postfix, Proftpd, Roundcube, SSH) and hopefully control panel filter as while (Coming soon). I am working on finishing code asap. If there is anyone that wants to help test please post below. 

The more support the faster I can finish. Let's do this!

[Vedran B]

Hello everyone,


I just wanted to add that I am writing a bash script to install Fail2ban on CentOS & Ubuntu for Sentora. This script will add custom filters to work with Sentora install and all versions of supported services like (Apache, Dovecot, Postfix, Proftpd, Roundcube, SSH) and hopefully control panel filter as while (Coming soon). I am working on finishing code asap. If there is anyone that wants to help test please post below. 

The more support the faster I can finish. Let's do this!

I use fail2ban a lot, I have some ideas/jails for f2b, maybe a bit of hardening with fail2ban integrated into sentora installer. I have some custom shell scripts for f2b tasks.