Fail2ban for Sentora (Centos 7)

[bbspike]

Hi there,

I have made a little script to install fail2ban for Sentora Centos 7.

The script will do the follow:

- Disable firewalld as fail2ban for Sentora will use iptables
- install iptables
-configuring common ports for iptables (please check if you have custom ports open)
- Install fail2ban
- Download de files for Sentora from my server
- Install the filters for Sentora
- Replace the jail.local for Sentora
- start iptbales and fail2ban

Please read the follow:

Only for centos 7 for now
Not possible to use firewalld after install
Make sure you add your own ports to iptables after install
Test it first

Code:

bash <(curl -L -Ss http://park.webimproved.nl/fail2ban/install.sh)

It comes with the following jails:

Proftpd
Ssh
Apache
Dovecot
Postfix

You may want tot edit the jail.local file in /etc/fail2ban tot enable email notification. Here you can also edit the ban times, retry failers and search time.

[Tango]

Hi there,

I have made a little script to install fail2ban for Sentora Centos 7.

The script will do the follow:

- Disable firewalld as fail2ban for Sentora will use iptables
- install iptables
-configuring common ports for iptables (please check if you have custom ports open)
- Install fail2ban
- Download de files for Sentora from my server
- Install the filters for Sentora
- Replace the jail.local for Sentora
- start iptbales and fail2ban

Please read the follow:

Only for centos 7 for now
Not possible to use firewalld after install
Make sure you add your own ports to iptables after install
Test it first

Code:

bash <(curl -L -Ss http://park.webimproved.nl/fail2ban/install.sh)

It comes with the following jails:

Proftpd
Ssh
Apache
Dovecot
Postfix

You may want tot edit the jail.local file in /etc/fail2ban tot enable email notification. Here you can also edit the ban times, retry failers and search time.

Hi! I´ll paste my log: fail2ban is working, but some errors during installation appeared:

Code:

Checking that minimal requirements are ok
Detected : CentOs  7  x86_64
Ok.

Failed to issue method call: Unit firewalld.service not loaded.


ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'
libkmod: kmod_module_new_from_loaded: could not open /proc/modules: No such file or directory
Error: could not get list of modules: No such file or directory

Installing : kernel-.10.0-229.11.1.el7.x86_64                                                                                                            2/10
grubby fatal error: unable to find a suitable template

[Me.B]

Seem issue with centos 7. You might need to disable firewallD & install iptables instead.

M B

[bbspike]

Seem issue with centos 7. You might need to disable firewallD & install iptables instead.

M B

The script should have disbable firewalld and install iptabels automaticly.

It seems that firewallD was never used in the first place in youre setup. Maybe yoiu ever install CSF firewall or something?

[Tango]

Hi!

Yes, my dedicated Centos 7 template, installs it MINIMAL (which is great).

[bbspike]

Oké. The script will nog work correctly then. Its a low tech script
Wich assumes that u use the official minimal centos 7 ISO with firewalld installed.

[bbspike]

Hello all,

If you ever used my script installer for fail2ban please update your /etc/fail2ban/jail.local with the following:

Code:

[DEFAULT]
bantime  = 3600
maxretry = 4
destemail =
ignoreip = 127.0.0.0/8
action = iptables

[ssh]
enabled  = true
action = iptables[name=SSH, port="22"]
port     = ssh
filter   = sentora-ssh
logpath  = /var/log/secure
maxretry = 6
bantime  = 360000

# the sentora-apache filter covers apache auth and overflow
[apache]
enabled  = true
action = iptables-multiport[name=Postfix, port="80,443"]
port     = http,https
filter   = sentora-apache
logpath  = /var/sentora/logs/domains/*/*error.log
maxretry = 6

#sentora

uses also de secure log for proftpd.
[proftpd]
enabled  = true
action = iptables[name=FTP, port="21"]
port     = ftp,ftp-data,ftps,ftps-data
filter   = sentora-proftpd
logpath  = /var/log/secure
maxretry = 5

# the sentora-postfix filter covers postfix and sasl
[postfix]
enabled  = true
action = iptables-multiport[name=Postfix, port="25,465"]
port     = smtp,ssmtp
filter   = sentora-postfix
logpath  = /var/log/maillog
maxretry = 10

# to be fixed yet
#[control-panel]

#enabled

 = true

#port

    = http,https

#filter

  = sentora-control

#logpath

 = /var/log/httpd/error_log

#maxretry

= 4

#bantime

 = 864000

#findtime

= 3600

[dovecot]
enabled  = true
action = iptables-multiport[name=Dovecot, port="143,993,110,995"]
port     = imap,imaps,pop3,pop3s
filter   = sentora-dovecot
logpath  = /var/log/dovecot-info.log
maxretry = 10

There where some flaws and are fixed now.

Don't forget:

Code:

service fail2ban restart

[Tango]

¡Thanks! Just Dont forget to:

Code:

service fail2ban restart

and

Code:

service fail2ban status

to check status.

[bbspike]

¡Thanks! Just Dont forget to:

Code:

service fail2ban restart

and

Code:

service fail2ban status

to check status.

Absoluely right! Updated the post. Tnx.

[poemihai]

Hi everyone
Can someone adapt this for Ubuntu server (14.04 LTS) please ? I'm new to this and would like to have the security interface integrated in Sentora's Panel for easier management.

Thanks alot!