Remember the days when server up-time was how we measured service availability and bragged about it? This Pi-hole DNS server running on a Debian-loaded mini PC at my home office, is now at 177 days since last reboot, yet is fully patched and running latest version of Pi-hole DNS. Maybe it’s because there are no windows near this mini PC π
Feels like it was just yesterday when…
We transformed how a full-house inventory exercises were performed across warehouses, for an international book and magazine distribution business.
The solution we introduced included handheld PDAs running Windows CE, with bar-code scanning attachments, hooked up to a custom designed broad WiFi “mesh” network (before modern mesh WiFi became a thing you can buy), backed by a LAMP server hosting the inventory web front-end and database.
This setup was a game changer to the inventory team, as it reduced the amount of time it took to complete their yearly exercise from a multi-week effort to just a few days.
Bear in mind this was before the age of cloud computing, smart phones, 4G/5G networks, lightweight laptops and tablets.
To me, the level of excitement, the dropped jaws on the faces of all team members, senior management, and executive stakeholders, was the payoff to the work we did. It was quite the fun project to be a part of.
This was back in 2003. How time flies by…
Fail2ban is a nifty security tool that can monitor log files (ssh apache squidβ¦etc) and execute commands, such as adding an IPtables rule, blocking the offending IP address.
On Debian/Ubuntu, fail2ban is available in repositories and once installed, it will default start protecting ssh attempts. Such a great safety mesure for so little work required (just install it!).
This post however, is to discuss the installation of fail2ban on a server running OpenBSD (in this case, 5.1) and setting it up to protect SSH from bad login attempts.
Note: This is not a post on how to use PF on an OpenBSD server π
β Install python [pkg_add python-2.7.1p12.tgz]
β Get copy of fail2ban master branch https://github.com/fail2ban/fail2ban
β Install fail2ban by running: python2.7 setup.py install
β Once installed, configs are in /etc/fail2ban
β find jail.conf and add a new βjailβ section as follows:
[ssh-pf]
enabled = true
filter = sshd
action = pf
logpath = /var/log/authlog
ignoreip = "a whiltelisted IP"
β Next, go to /etc/fail2ban/action.d
β Create a new action config named βpf.confβ
β Add the following to it:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = /sbin/pfctl -t Banned -T add < ip > && /sbin/pfctl -k < ip >
actionunban = /sbin/pfctl -t Banned -T delete < ip >
[Init]
β Now we need to set up /etc/pf.conf with some block rules.
β Assuming you already know how to use PF, we will need a table and a block rule for the table:
# Fail2Ban dynamic table
table < Banned > persist
# Fail2Ban blocks
block log quick from { < Banned > } to any
β To start/stop fail2ban on OpenBSD
# fail2ban-client start
# fail2ban-client stop
β To look at the PF table for IPs
pfctl -t 'tableName' -T show
β To clear contents of the table
pfctl -t 'tableName' -T flush