openwrt:master
← erdoukki:fail2ban-master
opened 03:53PM - 11 Mar 21 UTC
Maintainer: Kerma Gérald gandalf@gk2.net
Compile tested: (aarch64_cortex-a53, e… spressobin board, OpenWrt master)
Run tested: (aarch64_cortex-a53, espressobin board, OpenWrt master)
Description:
python3 package of pyinotify as requirement of fail2ban package
and
python3 fail2ban package
tested on snapshot : OK
```
root@RELAY:/# fail2ban-python --version
Python 3.9.2
root@RELAY:/# fail2ban-server --version
Fail2Ban v0.11.2
root@RELAY:/# uname -ar
Linux RELAY 5.4.102 #0 SMP Sat Mar 13 13:41:04 2021 aarch64 GNU/Linux
root@RELAY:/# cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='SNAPSHOT'
DISTRIB_REVISION='r16175-997ff740dc'
DISTRIB_TARGET='mvebu/cortexa53'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r16175-997ff740dc'
DISTRIB_TAINTS=''
```
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
More @ http://www.fail2ban.org
Use case (POC):
Fail2Ban, with the help of centralized logs directly on a main router OpenWrt based, can ban unwanted access by their IP source.
PR still pending review and waiting to be included...
Can someone check and help ?
Thanks
2 Likes
I think you should squash some of your commits.
2 Likes
available in snapshot download...
New PR made this morning for 21.02 : https://github.com/openwrt/packages/pull/16592
if I install and enable this package...
will it work out of the box... for say lan side luci/ssh denials?
if not are there plans/guides to provide this (and other openwrt specific log parsing)?
This is a standard package (initial package PR), so NO, it is installed without any specific customization ! (for now)
You can find a lot of HowTo around, some great from Fail2Ban ; http://www.fail2ban.org/wiki/index.php/HOWTOs
I may try to get some free time to write some specific tutorial for OpenWrt.
In testing I already made a POC with RSYSLOG (centralized syslog on my main routeur) of remotes servers (mainly LXC debians) and auto banning on the gateway itself... I get some draft / notes about it...
Feel free to try... but also use it at your own risk !
Edit: there is too much possible and specific usage... the package only give, as usual, the software itself on OpenWrt.
2 Likes
understood... and thanks for the package... no doubt some openwrt specific tutorials may pop up over time...