fail2ban

Step 1 - yum install fail2ban
Step 2 - edit /etc/fail2ban/jail.conf
Step 3 - add the following lines
[vulscan]
enabled = true
port = http,https
filter = vulscan
banaction = iptables-allports
logpath = /var/log/haproxy.log
maxretry = 1
bantime = 604800
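Step 4 - create /etc/fail2ban/filter.d/vulscan.conf
[Definition]
# Patterns assume HAProxy's HTTP log format:
#   ... haproxy[pid]: client_ip:port [date] ... "GET /path HTTP/1.1"
failregex = .*\]: <HOST>:.*GET /myadmin/scripts/setup\.php
            .*\]: <HOST>:.*GET /javascripts/.*\.html
            .*\]: <HOST>:.*GET /javascripts/.*\.jsp
ignoreregex =

Step 5 - verify that /var/log/haproxy.log is being generated and is capturing the above requests.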
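To check the filter before relying on it, the following added example (not part of the original page) applies the three vulscan patterns to constructed HAProxy log lines and reports which client IPs would reach maxretry. It assumes HAProxy's HTTP log format and uses a simplified IPv4-only stand-in for fail2ban's <HOST> tag; the helper names are hypothetical.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption;
# fail2ban itself also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# vulscan patterns, assuming HAProxy's HTTP log format:
#   ... haproxy[pid]: client_ip:port [date] ... "GET /path HTTP/1.1"
FAILREGEX = [
    r".*\]: <HOST>:.*GET /myadmin/scripts/setup\.php",
    r".*\]: <HOST>:.*GET /javascripts/.*\.html",
    r".*\]: <HOST>:.*GET /javascripts/.*\.jsp",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]


def line(ip, status, request):
    """Build one constructed HAProxy HTTP log line (sample data only)."""
    return (f"Aug 31 16:01:02 lb1 haproxy[2211]: {ip}:51544 "
            f"[31/Aug/2018:16:01:02.113] www app/web1 0/0/1/2/3 {status} 212 "
            f'- - ---- 2/2/0/0/0 0/0 "{request} HTTP/1.1"')


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    line("203.0.113.7", 404, "GET /myadmin/scripts/setup.php"),
    line("203.0.113.7", 404, "GET /javascripts/x.jsp"),
    line("198.51.100.23", 200, "GET /index.html"),
    line("198.51.100.99", 404, "GET /javascripts/app.jsp"),
    # Path only appears in the query string, so it must not match.
    line("192.0.2.10", 200, "GET /search?q=/myadmin/scripts/setup.php"),
    line("192.0.2.55", 200, "POST /login"),
]


def offending_hosts(lines, maxretry=1):
    """Return the client IPs with at least `maxretry` matching log lines."""
    hits = Counter()
    for entry in lines:
        for rx in COMPILED:
            m = rx.search(entry)
            if m:
                hits[m.group("host")] += 1
                break  # count each log line once
    return sorted(ip for ip, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    print(offending_hosts(SAMPLE_LOG))
```

On the server itself, fail2ban-regex /var/log/haproxy.log /etc/fail2ban/filter.d/vulscan.conf runs the real filter against the real log and reports how many lines matched.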

Fail2ban parses the logs we point it to and, based on the free-text filters we specify, carries out a specific action such as alerting or logging.
This solution depends on haproxy writing the request information to its logs so that fail2ban can read it.

We have to continuously add the strings we identify as hacking attempts to the above filter.

This will NOT slow down haproxy, as it is post facto. The first attempt from the client IP will come through. Once fail2ban sees in the logs that x.y.z.a is attempting it, it will automatically block that specific IP from accessing any of the ports on the haproxy server.

This needs to be implemented, tested and monitored.

fail2ban.txt · Last modified: 2018/08/31 16:16 (external edit)