Setup fail2ban to cover wings.md #468
+85
−0
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| # Fail2ban wings configuration | ||
|
|
||
| Fail2ban is a program that works with iptables to better secure your server and services from brute force login attempts | ||
|
|
||
| ### Step 1: instal Fail2Ban | ||
| (to my best knowledge, iptables will come with fail2ban when you install it, but if not install that too) | ||
Chronic-Reflexes marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| `apt-get install fail2ban` | ||
|
|
||
| ### Step 2: Copy some files, If you already have local files skip this | ||
| #### We have to copy .conf to .local files, as Local files will persist through updates | ||
|
|
||
| `cd /etc/fail2ban` | ||
| `cp fail2ban.conf fail2ban.local` | ||
| `cp jail.conf jail.local` | ||
|
|
||
| ### Step 3 Copy some text into the new local files | ||
|
|
||
| `nano /etc/fail2ban/jail.local` | ||
|
|
||
| scroll down until you see the actual jail portion of the file, input this text below the [SSHD] block, save it and exit | ||
| ``` | ||
| [wings] | ||
| enabled = true | ||
| port = 2022 | ||
| logpath = /var/log/pterodactyl/wings.log | ||
| maxretry = 4 | ||
| findtime = 3600 | ||
| bantime = -1 | ||
| backend = systemd | ||
| ``` | ||
|
|
||
| ### Step 4: Create the filter file and copy some more text | ||
|
|
||
| `cd /etc/fail2ban/conf.d/` | ||
|
There was a problem hiding this comment. By my side, on Ubuntu 22.04 and Fail2ban 0.11.2-6, the filter file comes into |
||
| `touch wings.conf` | ||
| `nano wings.conf` | ||
|
|
||
| Copy this text into the newly created file, Save then exit | ||
| ``` | ||
| # Fail2Ban filter for wings (Pterodactyl daemon) | ||
| # | ||
| # | ||
| # | ||
| # "WARN: [Sep 8 18:51:00.414] failed to validate user credentials (invalid format) ip=<HOST>:51782 subsystem=sftp username=logout" | ||
| # | ||
|
|
||
| [INCLUDES] | ||
|
|
||
| before = common.conf | ||
|
|
||
| [Definition] | ||
|
|
||
| _daemon = wings | ||
|
|
||
| failregex = failed to validate user credentials \([^\)]+\) ip=<HOST>:.* subsystem=sftp username=.*$ | ||
|
|
||
| ignoreregex = | ||
|
|
||
|
There was a problem hiding this comment. As far as I understand, in order to increase the search performance from the |
||
| [Init] | ||
|
|
||
| datepattern = \[%%b %%d %%H:%%M:%%S.%%f\] | ||
| ``` | ||
|
|
||
| ### Step 5: Enable Fail2ban service | ||
|
|
||
| `systemctl enable fail2ban` | ||
|
|
||
|
|
||
| #### Notes: | ||
| The rules applied to wings are fairly strict so if you feel like you need to adjust them, the settings are as follows | ||
| Max retry is the number of failed attempts someone can do within the time defined in "findtime" before they are banned | ||
|
|
||
| example: maxretry = 4 with findtime = 3600 with bantime = -1 | ||
|
|
||
| this will allow 4 failed login attempts within 3600 seconds (1 hour) before permanently banning someone | ||
| There are different time modifiers you can use, Most people will be using dd (day) mm (month) yy (year) | ||
| I do suggest you read up on fail2ban docs, you can get highly customised protection from custom configuration | ||
| https://manpages.debian.org/testing/fail2ban/jail.conf.5.en.html#TIME_ABBREVIATION_FORMAT | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be
installhere.