https://bugs.contribs.org/show_bug.cgi?id=10799

            Bug ID: 10799
           Summary: Fail2ban OpenVPN routed templates
    Classification: Contribs
           Product: SME Contribs
           Version: Futur
          Hardware: ---
                OS: ---
            Status: CONFIRMED
          Severity: normal
          Priority: P3
         Component: smeserver-fail2ban
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
  Target Milestone: ---

After getting whacked with some attacks I decided to add some templates for
OpenVPN routed. This is just a quick note to self. 

Needs proper templating for enable/disable and any other options required, e.g.
check if openvpn-routed is enabled etc.

config getprop openvpn-routed status

Could also be modded to add openvpn-bridged.

This is based on this:
https://www.fail2ban.org/wiki/index.php/HOWTO_fail2ban_with_OpenVPN

Template:


/etc/fail2ban/filter.d/openvpn.conf


# Fail2Ban filter for selected OpenVPN rejections
# https://www.fail2ban.org/wiki/index.php/HOWTO_fail2ban_with_OpenVPN
#

[Definition]

# Example messages (other matched messages not seen in the testing server's logs):
# Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]59.90.146.160:51223
# Thu Aug 25 09:36:02 2016 117.207.115.143:58922 TLS Error: TLS handshake failed

failregex = ^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
            ^ <HOST>:\d+ Connection reset, restarting
            ^ <HOST>:\d+ TLS Auth Error
            ^ <HOST>:\d+ TLS Error: TLS handshake failed$
            ^ <HOST>:\d+ VERIFY ERROR

ignoreregex = 




/etc/e-smith/templates/etc/fail2ban/jail.conf/99openVpn



# Fail2Ban configuration fragment for OpenVPN

[openvpn]
enabled  = true
port     = 1194
protocol = udp
filter   = openvpn
logpath  = /var/log/openvpn-routed/current
maxretry = 3
bantime  = 604800
findtime = 86400
#maxretry = 5
#backend  = polling
action   = smeserver-iptables[bantime=604800]
           smeserver-sendmail[name="OpenVPN",dest=root]


Test with:

fail2ban-regex /var/log/openvpn-routed/current /etc/fail2ban/filter.d/openvpn.conf
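
An offline check of the filter and jail values above, added here as an example and not part of the original report or of smeserver-fail2ban: it applies the five failregex lines to constructed log lines and reports which hosts reach maxretry within findtime. It assumes <HOST> can be approximated by an IPv4 pattern and that every line starts with the 24-character date shown in the example messages; the names parse, hosts_to_ban and SAMPLE are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: <HOST> is approximated as IPv4; real fail2ban also accepts IPv6 and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [
    r"^ TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$",
    r"^ <HOST>:\d+ Connection reset, restarting",
    r"^ <HOST>:\d+ TLS Auth Error",
    r"^ <HOST>:\d+ TLS Error: TLS handshake failed$",
    r"^ <HOST>:\d+ VERIFY ERROR",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
MAXRETRY, FINDTIME = 3, 86400  # values from the [openvpn] jail fragment
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri Sep 23 11:55:36 2016" (24 characters)

def parse(line):
    """Return (timestamp, host) if the line matches a failregex, else None."""
    when = datetime.strptime(line[:24], STAMP)
    rest = line[24:]  # failregex is matched on the text left after the date
    for pat in PATTERNS:
        m = pat.search(rest)
        if m:
            return when, m.group("host")
    return None

def hosts_to_ban(lines):
    """Hosts with at least MAXRETRY matches inside a FINDTIME-second window."""
    seen, banned = defaultdict(list), set()
    for line in lines:
        hit = parse(line)
        if hit:
            when, host = hit
            seen[host] = [t for t in seen[host] if (when - t).total_seconds() <= FINDTIME]
            seen[host].append(when)
            if len(seen[host]) >= MAXRETRY:
                banned.add(host)
    return banned

# Constructed sample log (documentation-range addresses, not from a real server).
SAMPLE = [
    "Fri Sep 23 11:55:36 2016 TLS Error: incoming packet authentication failed from [AF_INET]192.0.2.10:51223",
    "Fri Sep 23 11:56:01 2016 192.0.2.10:51224 TLS Error: TLS handshake failed",
    "Fri Sep 23 12:10:44 2016 192.0.2.10:51300 VERIFY ERROR: depth=0, error=certificate has expired",
    "Fri Sep 23 12:11:00 2016 198.51.100.7:40000 TLS Error: TLS handshake failed",
    "Sun Sep 25 09:00:00 2016 198.51.100.7:40001 Connection reset, restarting [0]",
    "Sun Sep 25 09:00:05 2016 203.0.113.5:1194 Peer Connection Initiated with [AF_INET]203.0.113.5:1194",
]
```

Calling hosts_to_ban(SAMPLE) returns only 192.0.2.10: the second host's two failures fall more than findtime apart, and the "Peer Connection Initiated" line matches no failregex.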
