fail2ban #2

Supports: trusty

Description

Fail2ban monitors log files (e.g. /var/log/auth.log,
/var/log/apache/access.log) and temporarily or persistently bans
failure-prone addresses by updating existing firewall rules. Fail2ban
allows easy specification of different actions to be taken such as to
ban an IP using iptables or hostsdeny rules, or simply to send a
notification email. By default, it comes with filter expressions for
various services (sshd, apache, qmail, proftpd, sasl etc.) but
configuration can be easily extended for monitoring any other text
file. All filters and actions are given in the config files, thus
fail2ban can be adapted to be used with a variety of files and
firewalls.


Fail2Ban

Deploys the fail2ban monitoring and denial-of-service (DoS) prevention service,
with exposed configuration to help prevent SSH DoS attacks.

The fail2ban service scans log files and bans IPs that have too many password
failures. The number of failures and the ban time are configurable.

Deployment

The fail2ban charm is a subordinate charm and needs a container to deploy.
The fail2ban charm uses the implicit juju-info relationship so it can be
related to any container charm. Here are the steps to deploy the charm:

juju deploy ubuntu
juju deploy fail2ban
juju add-relation fail2ban:juju-info ubuntu:juju-info

These steps install and configure fail2ban to monitor SSH by default, with a
1 hour ban after 3 failed password attempts.

Known Limitations and Issues

This charm does not configure any of the other services fail2ban can monitor,
such as http, ftp, etc. If you wish to configure these services you can find
the configuration file at /etc/fail2ban/jail.local.

Configuration

  • maxretry: Number of attempts before banning the IP address.
  • ignoreip: Additional IPs (space separated) to add to the ignore ruleset.
    Supports IP and CIDR.
  • bantime: Ban time in seconds (defaults to 1 hour).
  • destemail: Email address to send mail to on abuse.

Example configuration

juju set fail2ban bantime=3000 maxretry=5 ignoreip=192.168.3.0/24
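
A pre-flight check for the option values above, as an added example that is not part of the charm: it rejects malformed ignoreip entries, flags very broad ignore ranges, and builds the juju set line only when the values pass. The function names and the /16 breadth threshold are assumptions made for illustration.

```python
import ipaddress
import shlex

# Assumption: IPv4 networks wider than this prefix are flagged because every
# address inside an ignored range is exempt from banning. Illustrative value.
MIN_PREFIX_V4 = 16


def check_options(maxretry, bantime, ignoreip=""):
    """Return a list of problems with the option values (empty list = OK)."""
    problems = []
    if not isinstance(maxretry, int) or maxretry < 1:
        problems.append("maxretry must be an integer >= 1")
    if not isinstance(bantime, int):
        problems.append("bantime must be an integer number of seconds")
    for entry in ignoreip.split():  # the option is space separated
        try:
            # strict=False accepts host bits, e.g. 192.168.3.7/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"ignoreip entry {entry!r} is not a valid IP or CIDR")
            continue
        if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            problems.append(
                f"ignoreip entry {entry!r} exempts {net.num_addresses} addresses"
            )
    return problems


def juju_set_command(maxretry, bantime, ignoreip=""):
    """Build the `juju set` line, refusing to emit one for invalid values."""
    problems = check_options(maxretry, bantime, ignoreip)
    if problems:
        raise ValueError("; ".join(problems))
    args = [f"bantime={bantime}", f"maxretry={maxretry}"]
    if ignoreip.split():
        # Quoted below so several space-separated entries stay one shell argument.
        args.append("ignoreip=" + " ".join(ignoreip.split()))
    return "juju set fail2ban " + " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(juju_set_command(5, 3000, "10.0.0.5 192.168.3.0/24"))
    print(check_options(3, 3600, "10.300.0.1 0.0.0.0/0"))
```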

Maintainer

Fail2ban upstream project


Configuration

bantime
    (int) Ban time in seconds (defaults to 1 hour)
    Default: 3600

destemail
    (string) Address to send mail to on abuse
    Default: root@localhost

ignoreip
    (string) Additional IPs to add to the ignore ruleset

maxretry
    (int) Number of attempts before banning the IP address
    Default: 3