Hi everyone!
So, after my last problem with fail2ban for MySQL (securite-anti-brute-force-t39497.html), I'm coming back to you to do the same thing with my OpenVPN.
I wrote a regex for it:
[code]# Fail2Ban configuration file
# Author: Darel
[Definition]
failregex = <HOST>:\d{1,5} TLS Auth Error[/code]
I tested it with sudo fail2ban-regex /var/log/openvpn.log /etc/fail2ban/filter.d/openvpn.conf:
[code]/usr/share/fail2ban/server/filter.py:442: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import md5
Running tests
Use regex file : /etc/fail2ban/filter.d/openvpn.conf
Use log file : /var/log/openvpn.log
Results
Failregex
|- Regular expressions:
| [1] <HOST>:\d{1,5} TLS Auth Error
|
`- Number of matches:
[1] 12 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
Addresses found:
[1]
xxx.xxx.xxx.xxx (Thu Aug 16 08:50:01 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:20:39 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:20:46 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:20:54 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:21:03 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:21:10 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:34:28 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:34:40 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:34:50 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:35:01 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:35:10 2012)
xxx.xxx.xxx.xxx (Thu Aug 16 09:35:17 2012)
Date template hits:
472 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
0 hit(s): YearMonthDay Hour:Minute:Second
Success, the total number of match is 12
However, look at the above section ‘Running tests’ which could contain important
information.[/code]
To me everything looks fine: it finds the IP addresses and it natively recognizes the dates…
As a bonus, here is my jail.conf (the minimum):
[code][DEFAULT]
ignoreip = 127.0.0.1
bantime = 1600
maxretry = 3
backend = polling
destemail = xxxxxxxxx@gmail.com
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s]
action_mw = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s]
            %(mta)s-whois[name=%(name)s, dest="%(destemail)s", protocol="%(protocol)s]
action_mwl = %(banaction)s[name=%(name)s, port="%(port)s", protocol="%(protocol)s]
             %(mta)s-whois-lines[name=%(name)s, dest="%(destemail)s", logpath=%(logpath)s]
action = %(action_mwl)s
[openvpn]
enabled = true
port = 443
filter = openvpn
logpath = /var/log/openvpn.log[/code]
Do you have any idea why it won't block that damned port for me?
Thanks in advance!
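Added example, not part of the original post and not fail2ban's own code: a simplified Python model of the filter side described above, applying the posted failregex with maxretry = 3 to log lines and reporting when a host crosses the threshold. The findtime of 600 seconds, the `<HOST>` expansion and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FAILREGEX = r"<HOST>:\d{1,5} TLS Auth Error"  # filter posted above
MAXRETRY = 3    # from the posted jail.conf
FINDTIME = 600  # assumption: fail2ban's default; the post does not set it

# Assumption: close to how fail2ban 0.8.x expands <HOST> into a named group.
HOST_GROUP = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Constructed log lines (documentation address ranges), not from the post.
ERR = "TLS Auth Error: Auth Username/Password verification failed for peer"
SAMPLE_LOG = "\n".join([
    "Thu Aug 16 08:50:01 2012 203.0.113.9:40110 " + ERR,
    "Thu Aug 16 09:20:39 2012 198.51.100.7:51820 " + ERR,
    "Thu Aug 16 09:20:46 2012 198.51.100.7:51822 " + ERR,
    "Thu Aug 16 09:20:50 2012 192.0.2.44:33001 TLS: Initial packet from 192.0.2.44:33001",
    "Thu Aug 16 09:20:54 2012 198.51.100.7:51825 " + ERR,
    "Thu Aug 16 09:21:03 2012 203.0.113.9:40112 " + ERR,
])


def find_bans(log_text, failregex=FAILREGEX, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return [(host, time)] for each point where a host reaches maxretry
    matching lines inside a findtime-second sliding window (simplified model)."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    recent = defaultdict(deque)  # host -> timestamps of recent failures
    bans = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match is None:
            continue
        # The first 24 characters are the timestamp: "Thu Aug 16 08:50:01 2012".
        when = datetime.strptime(line[:24], "%a %b %d %H:%M:%S %Y")
        host = match.group("host")
        window = recent[host]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans.append((host, when))
            window.clear()  # counting restarts after a ban
    return bans


if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG):
        print(f"{host} reaches maxretry={MAXRETRY} at {when}")
```

This models only matching and counting; whether a ban then takes effect depends on the configured action, which the sketch does not cover.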
