mirror of
https://github.com/moparisthebest/sslh
synced 2024-12-17 13:12:15 -05:00
added fail2ban configuration examples
parent
7d6cac73d4
commit
6fb234f85e
@ -3,6 +3,9 @@ vNEXT:
|
|||||||
privilege escalation).
|
privilege escalation).
|
||||||
(Lars Vogdt)
|
(Lars Vogdt)
|
||||||
|
|
||||||
|
Example configuration for fail2ban.
|
||||||
|
(Every Mouw)
|
||||||
|
|
||||||
v1.16: 11FEB2014
|
v1.16: 11FEB2014
|
||||||
Probes made more resilient, to incoming data
|
Probes made more resilient, to incoming data
|
||||||
containing NULLs. Also made them behave properly
|
containing NULLs. Also made them behave properly
|
||||||
|
12
README.md
12
README.md
@ -250,6 +250,18 @@ This will not work:
|
|||||||
|
|
||||||
sslh --listen 192.168.0.1:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4443
|
sslh --listen 192.168.0.1:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:4443
|
||||||
|
|
||||||
|
Fail2ban
|
||||||
|
--------
|
||||||
|
|
||||||
|
If using transparent proxying, just use the standard ssh
|
||||||
|
rules. If you can't or don't want to use transparent
|
||||||
|
proxying, you can set `fail2ban` rules to block repeated ssh
|
||||||
|
connections from a same IP address (obviously this depends
|
||||||
|
on the site, there might be legimite reasons you would get
|
||||||
|
many connections to ssh from the same IP address...)
|
||||||
|
|
||||||
|
See example files in scripts/fail2ban.
|
||||||
|
|
||||||
Comments? Questions?
|
Comments? Questions?
|
||||||
====================
|
====================
|
||||||
|
|
||||||
|
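--- a/scripts/fail2ban/jail.conf
+++ b/scripts/fail2ban/jail.conf
@@ -0,0 +1,9 @@
+# Add the following to your fail2ban jail.conf
+# In Debian you'd append it to /etc/fail2ban/jail.local
+
+[sslh-ssh]
+enabled = true
+filter = sslh-ssh
+action = iptables-multiport[name=sslh,port="443"]
+logpath = /var/log/messages
+maxretry = 5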
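Review bot: The jail sets only `maxretry = 5` and leaves `findtime`, `bantime` and `ignoreip` to the site defaults, while the `sslh-ssh` filter counts every forwarded ssh connection, not failed logins. A client that opens five legitimate sessions inside the default window (scp batches, git over ssh, automation) is then banned from port 443 entirely, HTTPS included. I would add a comment above `maxretry`, for example `# counts every ssh connection, successful ones too; set findtime/bantime and list trusted sources in ignoreip`. Separately, `logpath = /var/log/messages` should be checked against where sslh's syslog output actually lands on the target system, since the header refers to Debian and a jail reading the wrong file never bans anything.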
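--- a/scripts/fail2ban/sslh-ssh.conf
+++ b/scripts/fail2ban/sslh-ssh.conf
@@ -0,0 +1,25 @@
+# Add the following to you fail2ban configuration file
+# In Debian it'd go in /etc/fail2ban/filter.d/sslh-ssh.conf
+
+
+# Fail2Ban filter for sslh demultiplexed ssh
+#
+# Doesn't (and cannot) detect auth errors,
+# but many connection attempts from the same
+# origin is reason enough to block.
+#
+# Verion: 2014-03-28
+
+[INCLUDES]
+
+# no includes
+
+[Definition]
+
+failregex = ^.+ sslh\[.+\]: connection from <HOST>:.+ to .+ forwarded
+from .+ to .+:ssh\s*$
+
+ignoreregex =
+
+# Author: Evert Mouw <post@evert.net>
+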
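Review bot: `failregex` appears to span two lines, and fail2ban treats each line of a multi-line `failregex` as a separate pattern, so `from .+ to .+:ssh\s*$` would stand alone without a `<HOST>` group; unless this is only the page wrapping the line, the expression should be on one line. The leading `^.+ sslh\[.+\]:` is also not tied to the syslog prefix, so any line in a shared file such as /var/log/messages that carries this text after arbitrary content matches, and the address in it gets banned even if sslh never logged it. Anchoring on the daemon prefix narrows that: `before = common.conf` under `[INCLUDES]`, `_daemon = sslh` under `[Definition]`, and `failregex = ^%(__prefix_line)sconnection from <HOST>:\d+ to \S+ forwarded from \S+ to \S+:ssh\s*$`. The exact sslh log format should be confirmed against a real log line before tightening the `.+` groups.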