

Fail2ban and Firewalld

The initial goal is to ban fraudulent brute-force login attempts against WordPress.

Unfortunately, installing the fail2ban and fail2ban-firewalld packages does not work out of the box.

install

yum install fail2ban fail2ban-firewalld
fail2ban-0.11.2-1.el8.noarch
fail2ban-firewalld-0.11.2-1.el8.noarch

errors, failures

After two initial fixes (switching to an action of type firewallcmd-rich-rules, and replacing ":" with "-" for the multiport setting), adding the rule still fails:

[root@wmut2 ~]# fail2ban-client -d | grep 'wordpres'
['add', 'wordpress', 'auto']
['set', 'wordpress', 'usedns', 'warn']
['multi-set', 'wordpress', 'addfailregex', ['^<HOST> .* "POST .*wp-login.php', '^<HOST> .* "POST .*xmlrpc.php']]
['set', 'wordpress', 'maxretry', 12]
['set', 'wordpress', 'maxmatches', 12]
['set', 'wordpress', 'findtime', '120']
['set', 'wordpress', 'bantime', '120']
['set', 'wordpress', 'ignorecommand', '']
['set', 'wordpress', 'logencoding', 'auto']
['set', 'wordpress', 'addlogpath', '/var/log/httpd/ssl_access_log', 'head']
['set', 'wordpress', 'addaction', 'firewallcmd-rich-rules']
['multi-set', 'wordpress', 'action', 'firewallcmd-rich-rules', [['actionstart', ''], ['actionstop', ''], ['actioncheck', ''], ['actionban', 'ports="$(echo \'1-65535\' | sed s/:/-/g)"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family=\'<family>\' source address=\'<ip>\' port port=\'$p\' protocol=\'tcp\' reject type=\'<rejecttype>\'"; done'], ['actionunban', 'ports="$(echo \'1-65535\' | sed s/:/-/g)"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family=\'<family>\' source address=\'<ip>\' port port=\'$p\' protocol=\'tcp\' reject type=\'<rejecttype>\'"; done'], ['name', 'wordpress'], ['actname', 'firewallcmd-rich-rules'], ['port', '1-65535'], ['protocol', 'tcp'], ['family', 'ipv4'], ['chain', 'INPUT_direct'], ['zone', 'public'], ['service', 'ssh'], ['rejecttype', 'icmp-port-unreachable'], ['blocktype', 'REJECT --reject-with <rejecttype>'], ['rich-blocktype', "reject type='<rejecttype>'"], ['family?family=inet6', 'ipv6'], ['rejecttype?family=inet6', 'icmp6-port-unreachable']]]
['start', 'wordpress']
2022-06-26 19:44:24,776 fail2ban.actions        [501990]: NOTICE  [wordpress] Ban 165.232.177.194
2022-06-26 19:44:24,847 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- exec: nft add table inet f2b-table
nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}
nft add set inet f2b-table addr-set-wordpress \{ type ipv4_addr\; \}

nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp \} ip saddr @addr-set-wordpress reject

2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- stderr: 'Error: Could not process rule: Numerical result out of range'
2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- stderr: 'add set inet f2b-table addr-set-wordpress { type ipv4_addr; }'
2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- stderr: '^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^'
2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- stderr: 'Error: No such file or directory'
2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- stderr: 'add rule inet f2b-table f2b-chain meta l4proto { tcp } ip saddr @addr-set-wordpress reject'
2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- stderr: '                                                                ^^^^^^^^^^^^^^^^^^^'
2022-06-26 19:44:24,848 fail2ban.utils          [501990]: ERROR   7ff7ae172030 -- returned 1
2022-06-26 19:44:24,848 fail2ban.actions        [501990]: ERROR   Failed to execute ban jail 'wordpress' action 'nftables-allports' info 'ActionInfo({'ip': '165.232.177.194', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7ff7aca6fe18>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7ff7aca70510>})': Error starting action Jail('wordpress')/nftables-allports: 'Script error'
2022-06-26 19:44:33,372 fail2ban.filter         [501990]: WARNING [wordpress] Simulate NOW in operation since found time has too large deviation 1656265398 ~ 1656265473.3721204 +/- 60
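
The filter side of this jail can be checked independently of the failing ban action. The following is an added example, not part of the original page and not fail2ban's own code: it applies the two failregex patterns and the maxretry/findtime values from the dump above to constructed access-log lines. The `HOST` pattern, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the `fail2ban-client -d` dump on this page.
FAILREGEX = ['^<HOST> .* "POST .*wp-login.php', '^<HOST> .* "POST .*xmlrpc.php']
MAXRETRY, FINDTIME = 12, 120  # failures, seconds

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag (the real tag
# also accepts IPv6 addresses and hostnames).
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERNS = [re.compile(rx.replace('<HOST>', HOST)) for rx in FAILREGEX]
STAMP = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]')

def parse(line):
    """Return (host, epoch_seconds) for a line matching a failregex, else None."""
    ts = STAMP.search(line)
    for pat in PATTERNS:
        m = pat.search(line)
        if m and ts:
            when = datetime.strptime(ts.group(1), '%d/%b/%Y:%H:%M:%S %z')
            return m.group('host'), when.timestamp()
    return None

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Simplified model of the jail: ban a host once it has `maxretry`
    matching lines whose timestamps span at most `findtime` seconds."""
    recent, bans = defaultdict(deque), []
    for host, when in filter(None, map(parse, lines)):
        q = recent[host]
        q.append(when)
        while when - q[0] > findtime:   # forget failures outside the window
            q.popleft()
        if len(q) >= maxretry:
            bans.append(host)
            q.clear()                   # counter restarts after a ban
    return bans

def sample_log():
    """Constructed access-log lines using documentation IPs, not real traffic."""
    fmt = '{ip} - - [26/Jun/2022:19:{m:02d}:{s:02d} +0200] "{req} HTTP/1.1" 200 512'
    rows = [fmt.format(ip='203.0.113.7', m=40, s=5 * i, req='POST /wp-login.php')
            for i in range(12)]                      # 12 hits in 55 s
    rows += [fmt.format(ip='198.51.100.9', m=41 + i // 4, s=15 * (i % 4),
                        req='POST /xmlrpc.php') for i in range(12)]  # 1 per 15 s
    rows.append(fmt.format(ip='192.0.2.3', m=45, s=0, req='GET /wp-login.php'))
    return rows

if __name__ == '__main__':
    print(simulate(sample_log()))
```

The patterns do not look at the HTTP status code, so every POST to wp-login.php or xmlrpc.php counts toward maxretry, including successful logins.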

references

docpublic/systemes/fail2ban_firewalld.1656268234.txt.gz · Last modified: 2022/06/26 18:30 by adminjp
CC Attribution-Noncommercial-Share Alike 4.0 International