Oleg, Hope you have the problem resolved.
Had a similar issue trying to get fail2ban to work on a FreePBX LX branded zone. Freepbx is centos based with iptables, but I was able to get it up and running by editing /etc/fail2ban/action.d/ipfilter.conf to point to the native ipf path ( /native/usr/sbin/ipf ) and replacing the references of iptables in the default jail.local file with ipfilter. From my understanding you need to have the filters first (/etc/fail2ban/filter.d/ ), then the specific action ( /etc/fail2ban/action.d/ipfilter.conf + edits to point to /native/usr/sbin/ipf ), and then configure your jail.local / .conf file. example: [nginx-auth] enabled = true filter = nginx-authaction = ipfilter logpath = /var/log/nginx*/*error*.log bantime = 600 # 10 minutes maxretry = 6 This article might help, they have some generic filters you may want to try / tweak: https://snippets.aktagon.com/snippets/554-how-to-secure-an-nginx-server-with-fail2ban Hope that helps, Clay On Wed, Apr 27, 2016 at 1:06 PM, Oleg Sumarokov <[email protected]> wrote: > Hi Jason, > > You get me right, the package is there but I wasn't able to find the > comprehensive man (guide) on how to make it work in zone. The provided link > touching slightly different approach. > > Thank you, > > Yours sincerely, > Oleg Sumarokov > > Privileged - Private & Confidential > > On 27 April 2016 at 16:55, Jason Lawrence <[email protected]> wrote: > >> Latest pkgin releases provide fail2ban as a package, so that's easy. >> After that you might need to make some tweaks to the config files. Looks >> like this guide covers most of the details (ie, ipfilter paths and such): >> http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/ >> . >> >> If you want to send alerts via email, sendmail took a few adjustments if >> I remember correctly. Pretty sure I remember just needing to remove the >> "Date:" header out of the 'actionban' action in >> /opt/local/etc/fail2ban/action.d/sendmail<your_choice>. >> >> If you're asking about something like coordinating zone/GZ firewalls, >> then I've misunderstood your question. >> >> --jason >> >> >> On Wed, Apr 27, 2016, at 03:00 AM, Oleg Sumarokov wrote: >> >> I am not switching to Russian because that information, potentially, will >> help someone else not just me :) >> >> In my case no reverse proxies or balancers - I am getting all requests by >> this particular Apache instance. (it sits in DMZ with all required >> isolations but ...) >> The question is - how to correctly configure fail2ban in smartos zone - >> the man pages for fail2ban are generic - so I was looking for alternatives >> and better (practical) knowledge in that space. >> >> Thank you! >> >> >> Yours sincerely, >> Oleg Sumarokov >> >> Privileged - Private & Confidential >> >> On 26 April 2016 at 22:46, Tiraen <[email protected]> wrote: >> >> Ok, let's on English. What I really *) Just saw the signature on the >> letter. And I understood that will understand what I mean. >> >> The question is not that the bots are looking for. They are always >> looking for the same thing. >> 1) If your Web server requests go directly from clients, then yes, you >> can have them blocked by the firewall (in this case ipfilter) >> 2) But if the front is haproxy/nginx/etc as a balancer, or just the >> reverse - the firewall can not do anything, because the network stack will >> turn the proxy address and the address of the client - only log. In such >> cases - lua >> >> >> 2016-04-26 22:17 GMT+03:00 Oleg Sumarokov <[email protected]>: >> >> Thank you for the link, all bots are trying to find php or something >> similar. >> All requests are customer requests in apache log. >> >> Yours sincerely, >> Oleg Sumarokov >> >> Privileged - Private & Confidential >> >> On 26 April 2016 at 21:34, Tiraen <[email protected]> wrote: >> >> >> Если от клиентов напрямую, то >> >> http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/ >> >> вот это можно попробовать адаптировать, под нужды. >> >> Если через кого то в лог - то только lua. >> >> >> 2016-04-26 21:27 GMT+03:00 Tiraen <[email protected]>: >> >> >> These addresses where you comes? Directly from the customer or through a >> proxy (revers) / cdn >> >> Эти адреса вам куда приходят? Напрямую от клиентов, или через реверс >> прокси/cdn ? >> >> >> >> 2016-04-25 22:51 GMT+03:00 Oleg Sumarokov <[email protected]>: >> >> Colleagues, >> >> How to correctly configure fail2ban in apache(nginx) zone is there any >> alternative solution? >> >> access log full of requests like: (real IPs replaced with 127.0.0.1) >> >> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >> http://127.0.0.1:80/db/db-admin/ HTTP/1.1" 404 - >> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >> http://127.0.0.1:80/db/dbadmin/ HTTP/1.1" 404 - >> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >> http://127.0.0.1:80/db/dbweb/ HTTP/1.1" 404 - >> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >> http://127.0.0.1:80/db/myadmin/ HTTP/1.1" 404 - >> >> Thank you in advance, >> >> Yours sincerely, >> Oleg Sumarokov >> >> Privileged - Private & Confidential >> >> >> >> >> >> -- >> With best regards, >> >> Vyacheslav Yakushev, >> >> Unix system administrator >> >> >> >> >> >> -- >> With best regards, >> >> Vyacheslav Yakushev, >> >> Unix system administrator >> >> >> >> >> >> >> >> -- >> With best regards, >> >> Vyacheslav Yakushev, >> >> Unix system administrator >> >> >> *smartos-discuss* | Archives >> <https://www.listbox.com/member/archive/184463/=now> >> <https://www.listbox.com/member/archive/rss/184463/24824159-36a67e62> | >> Modify <https://www.listbox.com/member/?&;> Your Subscription >> <http://www.listbox.com> >> >> >> > > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/28131789-5461de6f> | > Modify > <https://www.listbox.com/member/?&;> > Your Subscription <http://www.listbox.com> > -- Thanks, Clay Eden ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
