I thought fail2ban was abandoned due to the feature Volker added for too many login failures. Also, if you have your LAN via OpenVPN, why do you need fail2ban??? Why open up the router to your http or https of OMV?
Hmm, I think Volker's feature (PAM configuration - "Improve 'openmediavault' PAM configuration. Block users for 180sec after 3 failed login attempts.") doesn't fully work. I can see in my auth.log:
Code
Feb 1 07:35:26 prbond sshd[21904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:35:28 prbond sshd[21904]: Failed password for root from 103.41.124.58 port 59700 ssh2
Feb 1 07:35:30 prbond sshd[21904]: Failed password for root from 103.41.124.58 port 59700 ssh2
Feb 1 07:35:33 prbond sshd[21904]: Failed password for root from 103.41.124.58 port 59700 ssh2
Feb 1 07:35:33 prbond sshd[21904]: Received disconnect from 103.41.124.58: 11: [preauth]
Feb 1 07:35:33 prbond sshd[21904]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:35:41 prbond sshd[22036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:35:43 prbond sshd[22036]: Failed password for root from 103.41.124.58 port 38129 ssh2
Feb 1 07:35:46 prbond sshd[22036]: Failed password for root from 103.41.124.58 port 38129 ssh2
Feb 1 07:35:48 prbond sshd[22036]: Failed password for root from 103.41.124.58 port 38129 ssh2
Feb 1 07:35:49 prbond sshd[22036]: Received disconnect from 103.41.124.58: 11: [preauth]
Feb 1 07:35:49 prbond sshd[22036]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:35:56 prbond sshd[22039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:35:58 prbond sshd[22039]: Failed password for root from 103.41.124.58 port 46178 ssh2
Feb 1 07:36:01 prbond sshd[22039]: Failed password for root from 103.41.124.58 port 46178 ssh2
Feb 1 07:36:03 prbond sshd[22039]: Failed password for root from 103.41.124.58 port 46178 ssh2
Feb 1 07:36:03 prbond sshd[22039]: Received disconnect from 103.41.124.58: 11: [preauth]
Feb 1 07:36:03 prbond sshd[22039]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:36:11 prbond sshd[22043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:36:13 prbond sshd[22043]: Failed password for root from 103.41.124.58 port 53011 ssh2
Feb 1 07:36:16 prbond sshd[22043]: Failed password for root from 103.41.124.58 port 53011 ssh2
Feb 1 07:36:18 prbond sshd[22043]: Failed password for root from 103.41.124.58 port 53011 ssh2
Feb 1 07:36:19 prbond sshd[22043]: Received disconnect from 103.41.124.58: 11: [preauth]
Feb 1 07:36:19 prbond sshd[22043]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:36:26 prbond sshd[22052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:36:28 prbond sshd[22052]: Failed password for root from 103.41.124.58 port 33982 ssh2
Feb 1 07:36:30 prbond sshd[22052]: Failed password for root from 103.41.124.58 port 33982 ssh2
Feb 1 07:36:33 prbond sshd[22052]: Failed password for root from 103.41.124.58 port 33982 ssh2
Feb 1 07:36:33 prbond sshd[22052]: Received disconnect from 103.41.124.58: 11: [preauth]
Feb 1 07:36:33 prbond sshd[22052]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:36:41 prbond sshd[22056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:36:43 prbond sshd[22056]: Failed password for root from 103.41.124.58 port 41228 ssh2
Feb 1 07:36:46 prbond sshd[22056]: Failed password for root from 103.41.124.58 port 41228 ssh2
Feb 1 07:36:48 prbond sshd[22056]: Failed password for root from 103.41.124.58 port 41228 ssh2
Feb 1 07:36:49 prbond sshd[22056]: Received disconnect from 103.41.124.58: 11: [preauth]
Feb 1 07:36:49 prbond sshd[22056]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.58 user=root
Feb 1 07:38:02 prbond sshd[22079]: Received disconnect from 115.239.228.15: 11: [preauth]
Feb 1 07:39:01 prbond CRON[22096]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 1 07:39:01 prbond CRON[22096]: pam_unix(cron:session): session closed for user root
Feb 1 07:45:01 prbond CRON[22183]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 1 07:45:03 prbond CRON[22183]: pam_unix(cron:session): session closed for user root
Feb 1 07:57:37 prbond sshd[22611]: Received disconnect from 115.239.228.12: 11: [preauth]
Feb 1 08:00:01 prbond CRON[22642]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 1 08:00:03 prbond CRON[22642]: pam_unix(cron:session): session closed for user root
Feb 1 08:05:23 prbond sshd[22790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.3 user=root
Feb 1 08:05:25 prbond sshd[22790]: Failed password for root from 183.136.216.3 port 40469 ssh2
Feb 1 08:05:27 prbond sshd[22790]: Failed password for root from 183.136.216.3 port 40469 ssh2
Feb 1 08:05:29 prbond sshd[22790]: Failed password for root from 183.136.216.3 port 40469 ssh2
Feb 1 08:05:30 prbond sshd[22790]: Received disconnect from 183.136.216.3: 11: [preauth]
Feb 1 08:05:30 prbond sshd[22790]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.3 user=root
I don't use OpenVPN and my port 22 for SSH is open, I need fail2ban!!!!
I would use an official OMV fail2ban plugin instead of fail2ban installed with "apt-get install".
That's why I would help to develop an OMV fail2ban plugin!
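An added example, not part of the thread and not code from OMV or fail2ban: the log above shows the same source returning on a new sshd process every few seconds, so the sketch below counts "Failed password" lines per source address across connections inside a sliding time window. The sample log is constructed (documentation-range addresses), and the `max_retry`, `find_time` and `year` values are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same sshd auth.log format as the excerpt above;
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Feb 1 07:35:28 host sshd[21904]: Failed password for root from 192.0.2.10 port 59700 ssh2
Feb 1 07:35:30 host sshd[21904]: Failed password for root from 192.0.2.10 port 59700 ssh2
Feb 1 07:35:33 host sshd[21904]: Failed password for root from 192.0.2.10 port 59700 ssh2
Feb 1 07:35:33 host sshd[21904]: Received disconnect from 192.0.2.10: 11: [preauth]
Feb 1 07:35:43 host sshd[22036]: Failed password for root from 192.0.2.10 port 38129 ssh2
Feb 1 07:35:46 host sshd[22036]: Failed password for invalid user admin from 192.0.2.10 port 38129 ssh2
Feb 1 07:39:01 host CRON[22096]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 1 08:05:25 host sshd[22790]: Failed password for root from 198.51.100.7 port 40469 ssh2
Feb 1 08:05:27 host sshd[22790]: Failed password for root from 198.51.100.7 port 40469 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_offenders(log_text, max_retry=5, find_time=600, year=2024):
    """Return {ip: time the threshold was first reached}.

    Failures are counted per source IP, not per sshd PID, so a client that
    reconnects after every three attempts still accumulates. Syslog lines
    carry no year, so `year` is supplied by the caller (assumption).
    """
    windows = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # disconnects, cron sessions, PAM summaries
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        w = windows[m["ip"]]
        w.append(ts)
        while ts - w[0] > timedelta(seconds=find_time):
            w.popleft()            # drop failures that fell out of the window
        if len(w) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```
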