https://bugs.koozali.org/show_bug.cgi?id=10799
Mauro De Carolis <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mauro.de_carolis@chemcharter.com
--- Comment #1 from Mauro De Carolis <[email protected]> ---
(In reply to John Crisp from comment #0)
I have been playing with the same idea for SME10.
As OpenVPN uses the journal now for logging, I had to modify the templates as
follows:
/etc/fail2ban/filter.d/openvpn.local:
-----------------
# Fail2Ban filter for selected OpenVPN rejections
#
#
[Definition]
failregex = ^\s*\S+ openvpn\[\d+\]: TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$
            ^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ Connection reset, restarting
            ^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ TLS Auth Error
            ^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ TLS Error: TLS handshake failed$
            ^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ VERIFY ERROR
ignoreregex =
journalmatch = _SYSTEMD_UNIT=openvpn-bridge.service
-----------------
to be added to /etc/fail2ban/jail.conf:
-----------------
# Fail2Ban configuration fragment for OpenVPN
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
backend = systemd
maxretry = 3
action = smeserver-iptables[bantime=1800]
         smeserver-sendmail[name="OpenVPN-Bridge",dest=root]
-----------------
I do not have the skills to integrate this into the templates system properly.
The above has been tested with:
openvpn-2.4.11-1.el7.x86_64
smeserver-openvpn-bridge-2.1-15.el7.sme.noarch
smeserver-fail2ban-0.1.18-25.el7.sme.noarch
fail2ban-server-0.11.2-3.el7.noarch
To test the regexp:
fail2ban-regex systemd-journal /etc/fail2ban/filter.d/openvpn.local
I hope this helps.
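An offline check of the five failregex lines against sample log text, added here as an example and not part of the original comment or of smeserver-fail2ban: the `<HOST>` tag is replaced by a simplified IPv4-only group, the log lines are constructed, and `match_host` and `hosts_to_ban` are hypothetical helper names. It counts hits per address against the jail's maxretry and ignores findtime.

```python
import re
from collections import Counter

# The five failregex lines from the filter above, one per list entry.
FAILREGEX = [
    r"^\s*\S+ openvpn\[\d+\]: TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$",
    r"^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ Connection reset, restarting",
    r"^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ TLS Auth Error",
    r"^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ TLS Error: TLS handshake failed$",
    r"^\s*\S+ openvpn\[\d+\]: <HOST>:\d+ VERIFY ERROR",
]
# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption of this sketch).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]
MAXRETRY = 3  # maxretry from the [openvpn] jail above

# Constructed sample lines, assumed to be in "hostname ident[pid]: message"
# form with the timestamp already removed.
SAMPLE = [
    "sme10 openvpn[2211]: 203.0.113.7:40112 TLS Error: TLS handshake failed",
    "sme10 openvpn[2211]: TLS Error: incoming packet authentication failed from [AF_INET]203.0.113.7:40113",
    "sme10 openvpn[2211]: 203.0.113.7:40114 VERIFY ERROR: depth=0, error=certificate has expired",
    "sme10 openvpn[2211]: 198.51.100.9:51000 TLS Auth Error: Auth Username/Password verification failed for peer",
    "sme10 openvpn[2211]: 192.0.2.44:1194 peer info: IV_VER=2.4.11",   # benign, must not match
    "sme10 sshd[900]: 203.0.113.7:22 TLS Error: TLS handshake failed",  # wrong daemon, must not match
]

def match_host(line):
    """Return the address captured by the first matching failregex, or None."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Addresses whose failure count reaches maxretry (findtime is ignored here)."""
    hits = Counter(h for h in map(match_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    for line in SAMPLE:
        print(match_host(line) or "-", "|", line)
    print("ban:", hosts_to_ban(SAMPLE))
```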