crazy-max / docker-fail2ban
Fail2ban Docker image
License: MIT License
Don't know what I am doing wrong but can't seem to get the guacamole jail working.
Using Apache Guacamole container behind Traefik proxy. Tried manually banning some IP and rules are being added in Cloudflare.
fail2ban log output:
2020-02-22 20:52:36,527 fail2ban.CommandAction [1]: DEBUG Set name = 'guacamole-auth'
2020-02-22 20:52:36,527 fail2ban.CommandAction [1]: DEBUG Set port = 'http,https'
2020-02-22 20:52:36,527 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
2020-02-22 20:52:36,527 fail2ban.CommandAction [1]: DEBUG Set chain = '<known/chain>'
2020-02-22 20:52:36,527 fail2ban.CommandAction [1]: DEBUG Set actname = 'cloudflare'
2020-02-22 20:52:36,528 fail2ban.CommandAction [1]: DEBUG Set cfuser = 'xxxx'
2020-02-22 20:52:36,528 fail2ban.CommandAction [1]: DEBUG Set cftoken = 'xxx'
2020-02-22 20:52:36,528 fail2ban.jail [1]: DEBUG Starting jail 'guacamole-auth'
2020-02-22 20:52:36,528 fail2ban.filterpyinotif [1]: DEBUG [guacamole-auth] filter started (pyinotifier)
2020-02-22 20:52:36,528 fail2ban.jail [1]: INFO Jail 'guacamole-auth' started
2020-02-22 20:52:36,529 fail2ban.transmitter [1]: DEBUG Status: ready
Server ready
2020-02-22 20:53:01,954 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-02-22 20:53:01,954 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-02-22 20:53:01,979 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-02-22 20:53:01,979 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-02-22 20:53:07,132 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-02-22 20:53:07,132 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-02-22 20:53:07,133 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-02-22 20:53:07,133 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-02-22 20:53:07,134 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
jail.d/guacamole.conf
[DEFAULT]
banaction = cloudflare
[guacamole-auth]
enabled = true
logpath = /var/log/guacamole/guacd.log
port = http,https
bantime = -1
maxretry = 5
filter.d/guacamole-auth.conf
[Definition]
failregex = \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.
ignoreregex =
config/guacamole/logback.xml
<configuration>
<!-- Appender for debugging -->
<appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!-- Appender for debugging in a file-->
<appender name="GUAC-DEBUG_FILE" class="ch.qos.logback.core.FileAppender">
<file>/usr/local/tomcat/logs/guacd.log</file>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
</encoder>
</appender>
<!-- Log at DEBUG level -->
<root level="debug">
<appender-ref ref="GUAC-DEBUG"/>
<appender-ref ref="GUAC-DEBUG_FILE"/>
</root>
</configuration>
docker-compose.yaml
fail2ban:
  container_name: fail2ban
  image: crazymax/fail2ban:latest
  restart: always
  network_mode: "host"
  cap_add:
    - NET_ADMIN
    - NET_RAW
  volumes:
    - /var/log:/var/log
    - ${USERDIR}/docker/fail2ban:/data
    - ${USERDIR}/docker/fail2ban/fail2ban.d:/etc/fail2ban/fail2ban.d
  environment:
    - TZ=${TZ}
    - F2B_LOG_TARGET=STDOUT
    - F2B_LOG_LEVEL=INFO
    - F2B_DB_PURGE_AGE=1d
    - F2B_IPTABLES_CHAIN=DOCKER-USER
    - SSMTP_HOST=smtp.gmail.com
    - SSMTP_PORT=587
    - SSMTP_USER=${SMTP_EMAIL}
    - SSMTP_PASSWORD=${SMTP_PASSWORD} # Create an "app password" if you use 2FA
    - SSMTP_TLS=TLS
jail status
/ # fail2ban-client status guacamole-auth
Status for the jail: guacamole-auth
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/guacamole/guacd.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
regex test
Results
=======
Failregex: 15 total
|- #) [# of hits] regular expression
| 1) [15] \bAuthentication attempt from \[<HOST>(?:,.*)?\] for user ".*" failed\.
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [376] {^LN-BEG}24hour:Minute:Second
`-
Lines: 376 lines, 0 ignored, 15 matched, 361 missed
[processed in 0.04 sec]
Missed line(s): too many to print. Use --print-all-missed to print all 361 lines
F2B tries to send email but fail2ban.utils results in ERROR because it tries to open port 25
Docker-compose variables set for using smtp mailserver using port 587.
2020-06-17 18:09:40,668 fail2ban.utils [1]: ERROR 7fb382728ab0 -- stderr: 'sendmail: Cannot open mail:25'
2020-06-17 18:09:40,668 fail2ban.utils [1]: ERROR 7fb382728ab0 -- returned 1
2020-06-17 18:09:40,668 fail2ban.actions [1]: ERROR Failed to start jail 'bitwarden' action 'sendmail-whois-lines': Error starting action Jail('bitwarden')/sendmail-whois-lines: 'Script error'
Docker version 18.09.8, build bfed4f5
docker-compose version 1.24.0, build 0aa59064
Linux Zeus 3.10.105 #25426 SMP Tue May 12 04:53:17 CST 2020 x86_64 GNU/Linux synology_broadwell_rs3617rpxs
#### Docker-compose
fail2ban:
  image: crazymax/fail2ban:latest
  container_name: fail2ban
  restart: always
  environment:
    - TZ=Europe/Paris
    - F2B_DB_PURGE_AGE=30d
    - F2B_LOG_TARGET=/data/fail2ban.log
    - F2B_LOG_LEVEL=INFO
    - F2B_IPTABLES_CHAIN=INPUT
    - [email protected]
    - F2B_SENDER=[email protected]
    - SSMTP_PORT:587
    - SSMTP_HOST:xxxx
    - SSMTP_HOSTNAME=xxxx
    - SSMTP_USER:xxxx
    - SSMTP_PASSWORD:xxxx
    - SSMTP_TLS=YES
    - SSMTP_STARTTLS:YES
### jail.d
[DEFAULT]
ignoreip = 127.0.0.1/8
#Ban for 30 days
bantime = 2592000
findtime = 86400
maxretry = 3
backend = auto
action = iptables-allports[name=bitwarden]
         sendmail-whois[name=bitwarden, [email protected]]
Why does fail2ban still try to open port 25?
Hi there,
Just trying to set up properly Bitwarden_rs + Fail2ban on a Synology NAS using Docker's containers. I run a DS718+ with latest DSM and using the built-in reverse proxy.
At this time I went around most issues except one: the ban does not work despite the logs. What did I miss?
Docker version 18.09.8, build 2c0a67b
Here is the setup:
dani-garcia/bitwarden_rs
crazy-max/docker-fail2ban
The jail:
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/22
#Ban for 30 days
#bantime = 2592000
bantime = 6400
findtime = 86400
maxretry = 4
backend = auto
action = iptables-allports[name=bitwarden]
[bitwarden]
enabled = true
port = 80,81,443
filter = bitwarden
logpath = /bitwarden/bitwarden.log
The filter:
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =
Bitwarden log:
[2020-03-05 21:53:26][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:53:35][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:53:38][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:53:40][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:53:51][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:56:22][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:56:27][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:56:33][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
[2020-03-05 21:56:49][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: [email protected].
F2B Log:
2020-03-05 22:46:16,047 fail2ban.server [1]: INFO Reload all jails
2020-03-05 22:46:16,048 fail2ban.server [1]: INFO Reload jail 'bitwarden'
2020-03-05 22:46:16,049 fail2ban.filter [1]: INFO maxRetry: 4
2020-03-05 22:46:16,049 fail2ban.filter [1]: INFO findtime: 86400
2020-03-05 22:46:16,050 fail2ban.actions [1]: INFO banTime: 6400
2020-03-05 22:46:16,050 fail2ban.filter [1]: INFO encoding: UTF-8
2020-03-05 22:46:16,051 fail2ban.server [1]: INFO Jail 'bitwarden' reloaded
2020-03-05 22:46:16,051 fail2ban.actions [1]: NOTICE [bitwarden] Flush ticket(s) with iptables-allports
2020-03-05 22:46:16,052 fail2ban.server [1]: INFO Reload finished.
2020-03-05 22:53:04,043 fail2ban.filter [1]: INFO [bitwarden] Found 192.168.XX.XX - 2020-03-05 21:53:03
2020-03-05 22:53:26,758 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:53:26
2020-03-05 22:53:35,072 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:53:35
2020-03-05 22:53:38,592 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:53:38
2020-03-05 22:53:41,297 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:53:40
2020-03-05 22:53:41,896 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
2020-03-05 22:53:51,006 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:53:51
2020-03-05 22:55:48,931 fail2ban.actions [1]: NOTICE [bitwarden] Unban 80.XX.XX.XX - Done manually after tested access still ok
2020-03-05 22:56:22,282 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:56:22
2020-03-05 22:56:27,154 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:56:27
2020-03-05 22:56:33,709 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:56:33
2020-03-05 22:56:34,098 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
2020-03-05 22:56:49,381 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-05 21:56:49
Hi,
Why does (crazy-max-docker-)fail2ban block 0.0.0.3, if it sees access from xxx.40.3.173?
with best regards,
I.
===================================================================================================================
conf-file from jail.d:
===================================================================================================================
[DEFAULT]
bantime = 1h
destemail = [email protected]
sender = root@$(hostname -f)
action = %(action_mwl)s
[calweb-auth]
enabled = true
chain = DOCKER-USER
port = http,https
filter = calweb-auth
logpath = /var/log/calibre-web.log
===================================================================================================================
conf-file from filter.d:
===================================================================================================================
[Definition]
failregex = .*Login failed.*<HOST>
ignoreregex =
===================================================================================================================
john01@instance-2:~/yml$ docker logs fail2ban_c 2>&1|tail
2020-09-16 09:27:13,946 fail2ban.ipdns [1]: WARNING Determined IP using DNS Lookup: 3 = {'0.0.0.3'}
2020-09-16 09:27:13,947 fail2ban.filter [1]: INFO [calweb-auth] Found 0.0.0.3 - 2020-09-16 09:27:13
2020-09-16 09:27:18,997 fail2ban.ipdns [1]: WARNING Determined IP using DNS Lookup: 3 = {'0.0.0.3'}
2020-09-16 09:27:18,998 fail2ban.filter [1]: INFO [calweb-auth] Found 0.0.0.3 - 2020-09-16 09:27:18
2020-09-16 09:27:19,128 fail2ban.actions [1]: NOTICE [calweb-auth] Ban 0.0.0.3
2020-09-16 09:27:19,242 fail2ban.ipdns [1]: WARNING Determined IP using DNS Lookup: 3 = {'0.0.0.3'}
2020-09-16 09:27:19,243 fail2ban.filter [1]: INFO [calweb-auth] Found 0.0.0.3 - 2020-09-16 09:27:19
2020-09-16 09:27:23,461 fail2ban.ipdns [1]: WARNING Determined IP using DNS Lookup: 3 = {'0.0.0.3'}
2020-09-16 09:27:23,462 fail2ban.filter [1]: INFO [calweb-auth] Found 0.0.0.3 - 2020-09-16 09:27:23
2020-09-16 10:27:18,517 fail2ban.actions [1]: NOTICE [calweb-auth] Unban 0.0.0.3
john01@instance-2:~/yml$
===================================================================================================================
john01@instance-2:/var/log$ tail calibre-web.log
[2020-09-16 09:03:32,490] INFO {cps.server:184} Performing shutdown of Calibre-Web
[2020-09-16 09:04:05,286] INFO {cps:97} Starting Calibre Web...
[2020-09-16 09:04:05,903] INFO {cps.server:156} Starting Tornado server on :8083
[2020-09-16 09:26:59,410] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
[2020-09-16 09:27:05,108] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
[2020-09-16 09:27:09,138] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
[2020-09-16 09:27:13,570] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
[2020-09-16 09:27:18,996] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
[2020-09-16 09:27:19,241] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
[2020-09-16 09:27:23,460] INFO {cps.web:1437} Login failed for user "X" IP-adress: xxx.40.3.173
john01@instance-2:/var/log$
===================================================================================================================
part from docker-compose.yml:
===================================================================================================================
fail2ban_s:
  restart: always
  image: crazymax/fail2ban:latest
  container_name: fail2ban_c
  network_mode: "host"
  depends_on:
    - calweb_s
  cap_add:
    - NET_ADMIN
    - NET_RAW
  volumes:
    - "./data:/data"
    - "/var/log:/var/log:ro"
  env_file:
    - "./fail2ban.env"
===================================================================================================================
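An added example, not part of the original issue or the project's code, reproducing the behaviour reported above: with the unanchored `.*Login failed.*<HOST>`, the greedy `.*` leaves `<HOST>` only the last character of the address, and that token is then handled as a hostname. The `HOST` and `ADDR` patterns are simplified stand-ins for fail2ban's tags (an assumption), the log lines use constructed addresses, and the anchored filter is a suggested alternative rather than the project's own.

```python
import re
import socket

# Simplified stand-ins for fail2ban's tag expansions (assumption: these are
# approximations written for this example, not copied from fail2ban).
# <HOST> accepts an IPv4 address OR a hostname-like token;
# <ADDR> accepts an IP address only.
IP4 = r"(?:\d{1,3}\.){3}\d{1,3}"
HOST = rf"(?:(?P<ip4>{IP4})|(?P<dns>[\w\-.^_]*\w))"
ADDR = rf"(?P<ip4>{IP4})"

# The filter from the issue, and an anchored alternative (suggested here).
PAGE_FAILREGEX = r'.*Login failed.*<HOST>'
ANCHORED_FAILREGEX = r'^.*Login failed for user ".*" IP-adress: <ADDR>$'

# Constructed log lines in the calibre-web format shown in the issue.
LINE = ('[2020-09-16 09:27:23,460] INFO {cps.web:1437} '
        'Login failed for user "X" IP-adress: 203.0.113.173')
# Constructed line where the user name field itself contains an address.
LINE_WITH_ADDRESS_IN_NAME = (
    '[2020-09-16 09:27:23,460] INFO {cps.web:1437} '
    'Login failed for user "x" IP-adress: 192.0.2.1" IP-adress: 203.0.113.173')
UNRELATED = '[2020-09-16 09:04:05,286] INFO {cps:97} Starting Calibre Web...'


def compile_failregex(failregex):
    """Expand the <HOST>/<ADDR> tags the way a filter loader would."""
    return re.compile(failregex.replace("<HOST>", HOST).replace("<ADDR>", ADDR))


def extract_host(failregex, line):
    """Return the token the filter would hand to the ban logic, or None."""
    m = compile_failregex(failregex).search(line)
    if m is None:
        return None
    groups = m.groupdict()
    return groups.get("ip4") or groups.get("dns")


def numeric_form(token):
    """How the classic inet_aton parser reads a token: a bare integer is
    accepted as a 32-bit address, so a lookup of '3' yields 0.0.0.3."""
    try:
        return socket.inet_ntoa(socket.inet_aton(token))
    except OSError:
        return None


if __name__ == "__main__":
    captured = extract_host(PAGE_FAILREGEX, LINE)
    # Greedy ".*" swallows the line, then gives back one character at a time
    # until <HOST> can match: the hostname branch is satisfied by "3".
    print("unanchored filter captured:", repr(captured))
    print("resolved as:", numeric_form(captured))
    # Naming the literal prefix, using <ADDR> and anchoring at end of line
    # forces the capture to be the whole trailing address.
    print("anchored filter captured:", extract_host(ANCHORED_FAILREGEX, LINE))
    print("address inside user name ignored:",
          extract_host(ANCHORED_FAILREGEX, LINE_WITH_ADDRESS_IN_NAME))
```

Running the candidate filter through `fail2ban-regex` against the real log before enabling the jail shows which token each line would yield.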
I am seeing a near-100% CPU utilization on my docker ps listing. The fail2ban log shows nothing abnormal (attached). I have restarted the host, and recreated the container, to no avail.
Log:
2019-02-27 06:07:43,940 fail2ban.jail [1]: INFO Jail 'mariadb' stopped,
2019-02-27 06:07:43,973 fail2ban.database [1]: INFO Connection to database closed.,
2019-02-27 06:07:43,982 fail2ban.server [1]: INFO Exiting Fail2ban,
Setting timezone to America/Chicago...,
WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails,
Setting SSMTP configuration...,
Setting Fail2ban configuration...,
Initializing files and folders...,
Checking for custom actions in /data/action.d...,
Checking for custom filters in /data/filter.d...,
2019-02-27 08:03:50,667 fail2ban.filter [1]: ERROR Unable to open /var/lib/docker/containers/9cb32f37eac495ccdfd4351473c3fda27d3cad66305566984d080d0dd136618e/9cb32f37eac495ccdfd4351473c3fda27d3cad66305566984d080d0dd136618e-json.log,
2019-02-27 06:12:25,877 fail2ban.actions [1]: NOTICE [mariadb] Restore Ban 88.214.26.40,
2019-02-27 06:12:25,849 fail2ban.actions [1]: NOTICE [mariadb] Restore Ban 88.214.26.20,
2019-02-27 06:12:25,836 fail2ban.actions [1]: NOTICE [mariadb] Restore Ban 88.214.26.19,
2019-02-27 06:11:54,406 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.local'],
WARNING: mariadb.conf already exists and will be overriden,
2019-02-27 06:11:53,671 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban ,
Add custom filter mariadb.conf...,
2019-02-27 06:11:53,782 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf'],
2019-02-27 06:11:53,783 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf'],
2019-02-27 06:11:53,784 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to STDOUT,
2019-02-27 06:11:53,783 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock,
2019-02-27 06:11:54,084 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban ,
2019-02-27 06:11:54,198 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf'],
2019-02-27 06:11:54,094 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf'],
2019-02-27 06:11:54,395 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf'],
2019-02-27 06:11:54,397 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local'],
2019-02-27 06:11:54,398 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/mariadb.conf'],
2019-02-27 06:11:54,406 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/mariadb.conf', '/etc/fail2ban/jail.local'],
2019-02-27 06:11:54,427 fail2ban.configreader [1]: INFO Loading configs for filter.d/mariadb under /etc/fail2ban ,
2019-02-27 06:11:54,428 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/mariadb.conf'],
2019-02-27 06:11:54,438 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/mariadb.conf'],
2019-02-27 06:11:54,440 fail2ban.configreader [1]: INFO Loading configs for action.d/iptables-multiport under /etc/fail2ban ,
2019-02-27 06:11:54,441 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf'],
2019-02-27 06:11:54,652 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf'],
2019-02-27 06:11:54,654 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local'],
2019-02-27 06:11:54,654 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local'],
2019-02-27 06:11:54,654 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf'],
2019-02-27 06:11:57,792 fail2ban.server [1]: INFO Starting Fail2ban v0.10.4,
2019-02-27 06:11:57,812 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3',
2019-02-27 06:12:04,952 fail2ban.jail [1]: INFO Creating new jail 'mariadb',
2019-02-27 06:11:57,792 fail2ban.server [1]: INFO --------------------------------------------------,
2019-02-27 06:12:05,710 fail2ban.jail [1]: INFO Jail 'mariadb' uses poller {},
2019-02-27 06:12:05,710 fail2ban.jail [1]: INFO Initiated 'polling' backend,
2019-02-27 06:12:06,075 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/962a11dbc906c02e967eb8ae83897f60f8e9b75af4b20a76da8dbbec08d84482/962a11dbc906c02e967eb8ae83897f60f8e9b75af4b20a76da8dbbec08d84482-json.log' (pos = 345617, hash = be385f4980536ce06284c64cb3dc422a),
2019-02-27 06:12:06,409 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/7149edd8a50bcb8d1eaf3c09a74eb5e774c58292c658bec14f73e4c58d2e1903/7149edd8a50bcb8d1eaf3c09a74eb5e774c58292c658bec14f73e4c58d2e1903-json.log' (pos = 0, hash = 7a663743b240e7366c380b1c4fcc24fc),
2019-02-27 06:12:06,826 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/56092a0e5f1555749c602bd11163de3690674bbe9209e9a485ac807e7e94a8f0/56092a0e5f1555749c602bd11163de3690674bbe9209e9a485ac807e7e94a8f0-json.log' (pos = 57081, hash = e56da09f4431bb618ea7b44d0d4b2c68),
2019-02-27 06:12:07,193 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/10acbe69d26b81ab9907995fa5f59ce41c0c9452e3fae23bda3f285852cc9f80/10acbe69d26b81ab9907995fa5f59ce41c0c9452e3fae23bda3f285852cc9f80-json.log' (pos = 2522803, hash = fd546c9220c59bf5ec6bbd68653de18c),
2019-02-27 06:12:07,575 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/0fe62649afa8598f0e3c4f5db25cdfa420f171503857890578db1359a59be88f/0fe62649afa8598f0e3c4f5db25cdfa420f171503857890578db1359a59be88f-json.log' (pos = 0, hash = 5c7f6af8ea4ff44b6043289174bd2c0d),
2019-02-27 06:12:07,918 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/b1c9f263f7e9e16c5e8b78c53bf9efb4dd77b295861d4bbd95a92eddf5ad427c/b1c9f263f7e9e16c5e8b78c53bf9efb4dd77b295861d4bbd95a92eddf5ad427c-json.log' (pos = 0, hash = 5b45292fde933657561c500cefff6b11),
2019-02-27 06:12:08,587 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/ccbb1762211b608f38bef1eba382299aa4332d66688409fb273198dc868b5fb3/ccbb1762211b608f38bef1eba382299aa4332d66688409fb273198dc868b5fb3-json.log' (pos = 0, hash = 62413be95e2653fb32d9a9417e1ae4a5),
2019-02-27 06:12:09,529 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/ad5df8b326021cea797eb6a1413f95664f1b154fbed4ca7736e18b50c634d175/ad5df8b326021cea797eb6a1413f95664f1b154fbed4ca7736e18b50c634d175-json.log' (pos = 0, hash = 5c8dd0b9f11f0a363f4034dac636aa71),
2019-02-27 06:12:09,884 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/366a426557563f9f0ef4a58029f759a49a90a86629959b93bf4b63a85cb8bc2c/366a426557563f9f0ef4a58029f759a49a90a86629959b93bf4b63a85cb8bc2c-json.log' (pos = 0, hash = d43ed1489fd13b97f6978c76523b6516),
2019-02-27 06:12:12,002 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/7c727df2af5a377a0a24efbd4917b1210d7a54b1da10981be2354f218646fada/7c727df2af5a377a0a24efbd4917b1210d7a54b1da10981be2354f218646fada-json.log' (pos = 213085, hash = bea28ec2e9e6e051d89bc55a8d3e6620),
2019-02-27 06:12:12,343 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/875fcd076d8ae570f35e7f7e2dc5fe529640ec395103f3e0247b66b78a3f25ec/875fcd076d8ae570f35e7f7e2dc5fe529640ec395103f3e0247b66b78a3f25ec-json.log' (pos = 146308, hash = 9539bc7fc59289554104b00c9142083f),
2019-02-27 06:12:12,869 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/aed5bd9bd9c43c65133418df1f65d0280973a576e2fab35e9a30e194fc068656/aed5bd9bd9c43c65133418df1f65d0280973a576e2fab35e9a30e194fc068656-json.log' (pos = 168167692, hash = 56b6da46f8a21bff11dbd3ba1125721f),
2019-02-27 06:12:14,454 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/4c75011557ddbaa7ff673cbb9bb1d1f048c13dd5fb684c2f13945c422dfa68b7/4c75011557ddbaa7ff673cbb9bb1d1f048c13dd5fb684c2f13945c422dfa68b7-json.log' (pos = 0, hash = d4f2853bc56593d743646b2735539db6),
2019-02-27 06:12:17,748 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/7cea5149a96a0881ec1088074568257f8081d443bc697f9ab81641de08b0264b/7cea5149a96a0881ec1088074568257f8081d443bc697f9ab81641de08b0264b-json.log' (pos = 1952209, hash = 5734813bf6ec323008c2dead6791809b),
2019-02-27 06:12:23,339 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/05052f373e400da18b4f46a4c3f9854895bb498cd14cdebbb3d6bd2e5ba0500c/05052f373e400da18b4f46a4c3f9854895bb498cd14cdebbb3d6bd2e5ba0500c-json.log' (pos = 273703238, hash = 701d36455644350fc31d5f11f704e61d),
2019-02-27 06:12:21,427 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/3b5a2f6fa6679232a951ba76ef38bd4a6e2bf985921100ceba2afbeb113de244/3b5a2f6fa6679232a951ba76ef38bd4a6e2bf985921100ceba2afbeb113de244-json.log' (pos = 0, hash = 32fe3df226af5c76962fe1caf9ac13cc),
2019-02-27 06:12:20,419 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/e690eb6aad3afb91a093933e7c8cdffb463588cf4f2043edd9b91cb4fbd4098a/e690eb6aad3afb91a093933e7c8cdffb463588cf4f2043edd9b91cb4fbd4098a-json.log' (pos = 288808, hash = 904fc8081cda09c0f5feb9012f63c0ec),
2019-02-27 06:12:19,202 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/b2a7a88390e1b377ed88756264cf717677e6b4cb8b85872b312b25e799921e0b/b2a7a88390e1b377ed88756264cf717677e6b4cb8b85872b312b25e799921e0b-json.log' (pos = 3370012, hash = 3266bd02edc1500252709c4d2fdf803a),
2019-02-27 06:12:18,639 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/ed027346190868e23566ef6b1afc62d0c373b9160940377fced4f14c25f6eae7/ed027346190868e23566ef6b1afc62d0c373b9160940377fced4f14c25f6eae7-json.log' (pos = 0, hash = 3dde2d7d3adc40393ff6ae5d83794fd1),
2019-02-27 06:12:18,072 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/4bafc2b9d87c61f136980d1f580f4c33857f7c8775f6c2c7d451cef96eaaa629/4bafc2b9d87c61f136980d1f580f4c33857f7c8775f6c2c7d451cef96eaaa629-json.log' (pos = 2682, hash = 33453e2957eb6d5f944944b773d19242),
2019-02-27 06:12:17,142 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/fa00d7bdb90e7ad0f306291b497b4a859c8c5dccd3c7ff3f1ddea585556428b5/fa00d7bdb90e7ad0f306291b497b4a859c8c5dccd3c7ff3f1ddea585556428b5-json.log' (pos = 70336340, hash = c50f4a2f549e5587e3fe1a8917896c91),
2019-02-27 06:12:16,344 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/ed27fcbdde611b2dbec1fe67cceca7e4d3f2266498fdc1cf9895b2cb52b579c6/ed27fcbdde611b2dbec1fe67cceca7e4d3f2266498fdc1cf9895b2cb52b579c6-json.log' (pos = 0, hash = a786de92ec5fe25a81daf3edf94c25fa),
2019-02-27 06:12:15,991 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/9189056bf836fe012b2c9f090abbc7e55339b1a0479df7cd982b13678004e3fd/9189056bf836fe012b2c9f090abbc7e55339b1a0479df7cd982b13678004e3fd-json.log' (pos = 0, hash = a0c86593206c96e5ed25f37f6aabb9e8),
2019-02-27 06:12:15,468 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/9cb32f37eac495ccdfd4351473c3fda27d3cad66305566984d080d0dd136618e/9cb32f37eac495ccdfd4351473c3fda27d3cad66305566984d080d0dd136618e-json.log' (pos = 37718498, hash = 2746faa949f2adc5d10cc9c7d000a18d),
2019-02-27 06:12:14,818 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/8e2b81022d2ca0e350f5dd05811ab5d052c9bef975773d00dfb3010d35eff02d/8e2b81022d2ca0e350f5dd05811ab5d052c9bef975773d00dfb3010d35eff02d-json.log' (pos = 6770817, hash = 77486b66ae50cb03580705cee905a410),
2019-02-27 06:12:13,693 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/b9452268796c47135e90b8e960ce7c856cb5f987a8a9ef588f85879979a3b1b9/b9452268796c47135e90b8e960ce7c856cb5f987a8a9ef588f85879979a3b1b9-json.log' (pos = 434465221, hash = 8efeb60eb94fe5b5013ee102edbfee8f),
2019-02-27 06:12:13,391 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/1c3944ca26e6403912ab9c6dcb18b8a0439ce2c17cab2ba383a592dd27cd9672/1c3944ca26e6403912ab9c6dcb18b8a0439ce2c17cab2ba383a592dd27cd9672-json.log' (pos = 0, hash = 36acdcbd4558c586c0639165428a8dde),
2019-02-27 06:12:10,731 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/5751aabc5cc402381be40acbf358c6b8e85f96dca0aafd8767751c96ce4e2756/5751aabc5cc402381be40acbf358c6b8e85f96dca0aafd8767751c96ce4e2756-json.log' (pos = 0, hash = ef78180c5d6309c070bdeeb701168771),
2019-02-27 06:12:11,107 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/b4f1d9267cc063d04aa91f0f069e21fd17fec06f053bc7bf8e2affd0b0f11db4/b4f1d9267cc063d04aa91f0f069e21fd17fec06f053bc7bf8e2affd0b0f11db4-json.log' (pos = 388650, hash = cf12883f0c8dcebb4d06e3ec47ecbb59),
2019-02-27 06:12:09,862 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/f1a6ead7a0641f080129d48759e2ef68843011d0c53ea63c6f32b340302fd70f/f1a6ead7a0641f080129d48759e2ef68843011d0c53ea63c6f32b340302fd70f-json.log' (pos = 6751, hash = 5c1612b42ecdcb30735deee03e1cdc54),
2019-02-27 06:12:09,060 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/8c17dff7ac4f0cf35235155113397f35f6fc723e699738e5a3ab209ba36c2aeb/8c17dff7ac4f0cf35235155113397f35f6fc723e699738e5a3ab209ba36c2aeb-json.log' (pos = 0, hash = 518c1c466d37434ce9317774105b7e43),
2019-02-27 06:12:08,236 fail2ban.filter [1]: INFO Added logfile: '/var/lib/docker/containers/31e2940271e10c84241d218ba7a707527b20b580d1da3c973c45f763d4cf9054/31e2940271e10c84241d218ba7a707527b20b580d1da3c973c45f763d4cf9054-json.log' (pos = 0, hash = b4e71e670359ecb1a7b3c241fe2cb05e),
2019-02-27 06:12:23,340 fail2ban.filter [1]: INFO maxRetry: 15,
2019-02-27 06:12:23,341 fail2ban.filter [1]: INFO encoding: UTF-8,
2019-02-27 06:12:23,342 fail2ban.filter [1]: INFO findtime: 600,
2019-02-27 06:12:23,342 fail2ban.actions [1]: INFO banTime: 2592000,
2019-02-27 06:12:23,726 fail2ban.jail [1]: INFO Jail 'mariadb' started,
docker ps:
portainer_portainer_1 e690eb6aad3a 0.00% 14.25MiB / 7.79GiB
redis 366a42655756 0.09% 14.88MiB / 7.79GiB
fail2ban 05052f373e40 99.20% 19.25MiB / 7.79GiB
nginx-proxy b9452268796c 0.32% 27.48MiB / 7.79GiB
billingbelmankraulcom_web_1 b4f1d9267cc0 0.15% 32.48MiB / 7.79GiB
blogbelmankraulcom_web_1 ccbb1762211b 0.10% 33.2MiB / 7.79GiB
Is there a good example config for the SMTP setup?
I've set up the ENV but can't get it to fire on a ban....
sendmail [email protected] works fine though, so the wiring is correct, but my jail/f2b config is clearly "not right"
Pointers appreciated :)
Hi, I successfully set up fail2ban to block traefik error 401 but it seems like the regex can't pick my sshd error attempts.
I have this log when I enable debug and an attempt is made:
[1]: DEBUG /var/log/auth.log has been modified
On auth.log I have this log:
sshd[27292]: input_userauth_request: invalid user xxxx [preauth]
sshd[27292]: pam_unix(sshd:auth): check pass; user unknown
sshd[27292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
sshd[27292]: Failed password for invalid user xxxx from x.x.x.x port 54768 ssh2
sshd[27292]: Received disconnect from x.x.x.x port 54768:11: Bye Bye [preauth]
sshd[27292]: Disconnected from x.x.x.x port 54768 [preauth]
I used your example, do you know why it would fail this way?
Thanks for this docker image by the way, there is more documentation and all options seem easier to use than other images.
Hi, I'm using debian 9.6 and Docker version 18.06.1-ce. sshd is on default port 22 and I'm using example sshd.conf.
I found many "already banned" messages in the logs. I tried to ban myself and realised I could still connect to ssh while being banned.
Iptable line inserted by fail2ban:
REJECT all -- xx.xx.xx.xx anywhere reject-with icmp-port-unreachable
It appears DOCKER-USER chain does not block ssh traffic at all for me.
I had to set environment to : - F2B_IPTABLES_CHAIN=INPUT
I'm using a traefik rule that works fine.
Here's my thought: DOCKER-USER chain works fine for a container block but blocking sshd on host does not work. If it is the case it would be nice to add a warning on documentation.
When configured fail2ban to send email notification with env - VARs in docker, sending an email crashes with segfault.
Sendmail works like a charm and sends out mail.
I'm running docker within ContainerStation on QNAP NAS
QTS: 4.4.3.1439
ContainerStation: 2.1.3.1360
If I perma ban an IP by using -1 for ban time, does F2B_DB_PURGE_AGE purge that perma ban from the database after 1d? I'm kinda confused on what it's supposed to do.
Thanks!
Hi, sorry if I missed something but there is a lot of these lines being spat out in the logs:
fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve
Sadly I was unable to find the reason behind it. Is it a misconfiguration? Nothing to worry about? Can I turn it off?
Thanks in advance!
following configuration may give a hint?
fail2ban:
  container_name: fail2ban
  hostname: fail2ban
  image: crazymax/fail2ban:latest
  network_mode: "host"
  restart: always
  cap_add:
    - NET_ADMIN
    - NET_RAW
  volumes:
    - /var/log:/var/log:ro
    - ./fail2ban:/data
[sshd]
enabled = true
port = 2424
filter = sshd
logpath = /var/log/auth.log
findtime = 3600
maxretry = 3
bantime = 604800
ignoreip = 127.0.0.1/8 x.x.x.x
banaction = iptables-allports[name=sshBan, chain=INPUT, protocol=all]
            cloudflare
[traefik-auth]
enabled = true
port = http,https
filter = traefik-auth
logpath = /var/log/traefik/access.log
findtime = 3600
maxretry = 5
bantime = 604800
ignoreip = 127.0.0.1/8 x.x.x.x
banaction = iptables-allports[name=traefikAuth, chain=DOCKER-USER, protocol=all]
            cloudflare
[traefik-botsearch]
enabled = true
port = http,https
filter = traefik-botsearch
logpath = /var/log/traefik/access.log
findtime = 3600
maxretry = 5
bantime = 604800
ignoreip = 127.0.0.1/8 x.x.x.x
banaction = iptables-allports[name=traefikBot, chain=DOCKER-USER, protocol=all]
            cloudflare
and additional action "cloudflare.local" for banning..
Don't print INFO/Errors?
Everything seems to work properly, but the INFO message keeps appearing.
docker --version: Docker version 19.03.12, build 48a66213fe
docker-compose --version: docker-compose version 1.18.0, build 8dd22a9
uname -a: Linux hexx.one 4.15.0-115-generic #116-Ubuntu SMP Wed Aug 26 14:04:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
docker-compose.yml, .env, ...: done (see "reproduce")
Output of command `docker info`:
Client:
Debug Mode: false
Server:
Containers: 12
Running: 12
Paused: 0
Stopped: 0
Images: 27
Server Version: 19.03.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-115-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: XXXXXXXXX
Name: hexx.one
ID: XXXXXXXXXXXXXXXXXXXXXX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
2020-09-07 14:53:31,516 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve
2020-09-07 14:53:31,516 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve
2020-09-07 15:16:01,899 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve
2020-09-07 15:56:46,696 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve
2020-09-07 16:02:28,319 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve
etc...
It would be nice to run this container with another user.
With your firefox-sync image, you can run it with a PUID/PGID var.
Is it possible to do this with fail2ban also?
edit: tested with PUID/PGID vars with docker compose. The container is still running as root. The user command doesn't work.
Hi,
Starting with Debian 10 nftables is the current FW solution. I'm managing my FW rules manually (not Docker integrated) and noticed that your fail2ban container uses iptable rules. Is it possible to enhance nftables support?
Hey,
maybe I am too dumb, but I am trying to run this fail2ban images with nextcloud using docker-compose. I use the following folder structure:
nextcloud/app
The part of my docker-compose file:
fail2ban:
  image: crazymax/fail2ban:latest
  container_name: nextcloud-fail2ban
  networks:
    - nextcloud_network
  cap_add:
    - NET_ADMIN
    - NET_RAW
  volumes:
    - nextcloud/fail2ban:/data
    - nextcloud/app/data:/var/log:ro
  env_file:
    - ./fail2ban.env
  restart: unless-stopped
When running the compose I see the following log:
Setting timezone to Europe/Berlin...
Setting SSMTP configuration...
WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
Checking for custom filters in /data/filter.d...
2020-07-22 15:28:15,557 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban
2020-07-22 15:28:15,558 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-07-22 15:28:15,559 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-07-22 15:28:15,560 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock
2020-07-22 15:28:15,560 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to STDOUT
2020-07-22 15:28:15,563 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban
2020-07-22 15:28:15,564 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf']
2020-07-22 15:28:15,579 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2020-07-22 15:28:15,580 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2020-07-22 15:28:15,582 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2020-07-22 15:28:15,583 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf']
2020-07-22 15:28:15,628 fail2ban.server [1]: INFO --------------------------------------------------
2020-07-22 15:28:15,629 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1
2020-07-22 15:28:15,630 fail2ban.observer [1]: INFO Observer start...
2020-07-22 15:28:15,637 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
Server ready
Executing docker exec -t nextcloud-fail2ban fail2ban-client status results in
Status
|- Number of jail: 0
`- Jail list:
Is my path configuration wrong? Or where is my mistake?
with best regards
Hello,
I would have liked to know how to add and persist white IPs and different ban times than is already preconfigured.
Thank you.
There are multiple closed issues about traefik, and I read most of them...I still can't figure out, what I'm doing wrong...I use traefik with basic auth on docker containers...I followed exactly your steps...ssh is working, traefik not...it simply shows no action in the logs...except that it is adding the traefik access log...please help!
Fail2Ban container running on a Raspberry Pi 4, failing to properly ban ips.
[traefik-auth] jail
The ban phase works and the iptable action works.
The ban phase works, but the action fails for some reason.
It's the same issue as #55, but it was never resolved.
docker --version: Docker version 19.03.13, build 4484c46
docker-compose --version: docker-compose version 1.27.3, build unknown
uname -a: Linux raspberrypi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l GNU/Linux
docker-compose.yml, .env, ...
fail2ban:
  image: crazymax/fail2ban:latest
  container_name: fail2ban
  security_opt:
    - no-new-privileges:true
  network_mode: "host"
  cap_add:
    - NET_ADMIN
    - NET_RAW
  volumes:
    - ./fail2ban:/data
    - /var/log:/var/log:ro
    - ./traefik/traefik.log:/logextra/traefik.log:ro
  environment:
    - TZ=${TZ}
    - F2B_LOG_TARGET=${FAIL2BAN_F2B_LOG_TARGET}
    - F2B_LOG_LEVEL=${FAIL2BAN_F2B_LOG_LEVEL}
    - F2B_DB_PURGE_AGE=${FAIL2BAN_F2B_DB_PURGE_AGE}
    - SSMTP_HOST=${FAIL2BAN_SSMTP_HOST}
    - SSMTP_PORT=${FAIL2BAN_SSMTP_PORT}
    - SSMTP_HOSTNAME=${FAIL2BAN_SSMTP_HOSTNAME}
    - SSMTP_USER=${FAIL2BAN_SSMTP_USER}
    - SSMTP_PASSWORD=${FAIL2BAN_SSMTP_PASSWORD}
    - SSMTP_TLS=${FAIL2BAN_SSMTP_TLS}
  restart: unless-stopped
FAIL2BAN_F2B_LOG_TARGET=STDOUT
FAIL2BAN_F2B_LOG_LEVEL=INFO
FAIL2BAN_F2B_DB_PURGE_AGE=1d
[DEFAULT]
bantime = 1h
maxretry = 3
findtime = 1h
ignoreip = 127.0.0.1/8 ::1
enabled = false
mode = normal
destemail = root@localhost
sender = root@$(hostname -f)
action = %(action_mwl)s
port = 0:65535
banaction = iptables-multiport
[traefik-auth]
enabled = true
chain = DOCKER-USER
port = http,https
filter = traefik-auth
logpath = /logextra/traefik.log
> Output of command `docker info`
Client:
Debug Mode: false
Server:
Containers: 9
Running: 9
Paused: 0
Stopped: 0
Images: 10
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.4.51-v7l+
Operating System: Raspbian GNU/Linux 10 (buster)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 7.691GiB
Name: raspberrypi
ID: HNQJ:2QLW:NIJP:OCJQ:6RLW:B7TX:EGNG:VBNS:MLKF:76S3:DMWF:CWNU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No kernel memory TCP limit support
WARNING: No oom kill disable support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
2020-10-22 02:32:30,216 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1
2020-10-22 02:32:30,220 fail2ban.observer [1]: INFO Observer start...
2020-10-22 02:32:30,225 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2020-10-22 02:32:30,228 fail2ban.jail [1]: INFO Creating new jail 'traefik-auth'
2020-10-22 02:32:30,251 fail2ban.jail [1]: INFO Jail 'traefik-auth' uses pyinotify {}
2020-10-22 02:32:30,253 fail2ban.jail [1]: INFO Initiated 'pyinotify' backend
2020-10-22 02:32:30,259 fail2ban.filter [1]: INFO maxRetry: 5
2020-10-22 02:32:30,260 fail2ban.filter [1]: INFO findtime: 600
2020-10-22 02:32:30,260 fail2ban.actions [1]: INFO banTime: 600
2020-10-22 02:32:30,261 fail2ban.filter [1]: INFO encoding: UTF-8
2020-10-22 02:32:30,262 fail2ban.filter [1]: INFO Added logfile: '/logextra/traefik.log' (pos = 0, hash = 550e4202c7074eb9b0faf38a81af86cde593562a)
2020-10-22 02:32:30,732 fail2ban.jail [1]: INFO Jail 'traefik-auth' started
Server ready
2020-10-22 05:01:04,088 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:03
2020-10-22 05:01:05,832 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:05
2020-10-22 05:01:07,787 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:07
2020-10-22 05:01:09,397 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:09
2020-10-22 05:01:16,077 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:16
2020-10-22 05:01:16,161 fail2ban.actions [1]: NOTICE [traefik-auth] Ban 10.2.0.5
2020-10-22 05:01:16,197 fail2ban.utils [1]: ERROR b63d76e0 -- exec: iptables -w -N f2b-traefik-auth
iptables -w -A f2b-traefik-auth -j RETURN
iptables -w -I DOCKER-USER -p tcp -m multiport --dports http,https -j f2b-traefik-auth
2020-10-22 05:01:16,198 fail2ban.utils [1]: ERROR b63d76e0 -- stderr: 'iptables: Chain already exists.'
2020-10-22 05:01:16,199 fail2ban.utils [1]: ERROR b63d76e0 -- stderr: 'iptables: No chain/target/match by that name.'
2020-10-22 05:01:16,200 fail2ban.utils [1]: ERROR b63d76e0 -- returned 1
2020-10-22 05:01:16,201 fail2ban.actions [1]: ERROR Failed to execute ban jail 'traefik-auth' action 'iptables-multiport' info 'ActionInfo({'ip': '10.2.0.5', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xb65ef658>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xb65ef9b8>})': Error starting action Jail('traefik-auth')/iptables-multiport: 'Script error'
I have made exact issue on fail2ban/fail2ban repository.
fail2ban/fail2ban#2700 (comment)
sudo docker exec -ti fail2ban fail2ban-client -d | grep odoo
output
['add', 'odoo', 'auto']
['set', 'odoo', 'usedns', 'warn']
['set', 'odoo', 'addfailregex', '^ \\d+ INFO \\S+ \\S+ Login failed for db:\\S+ login:\\S+ from <HOST>']
['set', 'odoo', 'maxretry', 5]
['set', 'odoo', 'maxmatches', 5]
['set', 'odoo', 'findtime', '10m']
['set', 'odoo', 'bantime', '1m']
['set', 'odoo', 'bantime.increment', True]
['set', 'odoo', 'bantime.rndtime', '59']
['set', 'odoo', 'bantime.overalljails', True]
['set', 'odoo', 'ignorecommand', '']
['set', 'odoo', 'logencoding', 'auto']
['set', 'odoo', 'addlogpath', '/var/log/odoo/odoo.access.log', 'head']
['set', 'odoo', 'addaction', 'iptables-multiport']
['multi-set', 'odoo', 'action', 'iptables-multiport', [['actionstart', '<iptables> -N f2b-odoo\n<iptables> -A f2b-odoo -j RETURN\n<iptables> -I DOCKER-USER -p tcp -m multiport --dports http,https -j f2b-odoo'], ['actionstop', '<iptables> -D DOCKER-USER -p tcp -m multiport --dports http,https -j f2b-odoo\n<iptables> -F f2b-odoo\n<iptables> -X f2b-odoo'], ['actionflush', '<iptables> -F f2b-odoo'], ['actioncheck', "<iptables> -n -L DOCKER-USER | grep -q 'f2b-odoo[ \\t]'"], ['actionban', '<iptables> -I f2b-odoo 1 -s <ip> -j <blocktype>'], ['actionunban', '<iptables> -D f2b-odoo -s <ip> -j <blocktype>'], ['name', 'odoo'], ['port', 'http,https'], ['protocol', 'tcp'], ['chain', 'DOCKER-USER'], ['actname', 'iptables-multiport'], ['blocktype', 'REJECT --reject-with icmp-port-unreachable'], ['returntype', 'RETURN'], ['lockingopt', '-w'], ['iptables', 'iptables <lockingopt>'], ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'], ['iptables?family=inet6', 'ip6tables <lockingopt>']]]
['start', 'odoo']
The banned ip address can't access SSH but still can access the web behind Reverse Proxy. For more detail, I have git push to the fail2ban-experiment branch
Summary here
./volumes/nginx/certs
The banned ip address can't access port HTTP and HTTPS.
chain = INPUT and banaction = iptables-allports to banip. The banned ip address can't access port SSH but still can access port HTTP and HTTPS.
chain = DOCKER-USER and banaction = iptables-multiport to banip. The banned ip address still can access port HTTP and HTTPS. The log is in section Relevant parts of sudo docker-compose logs
cat volumes/fail2ban/config/jail.d/jail.local
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#
# "bantime.increment" allows to use database for searching of previously banned ip's to increase a
# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
bantime.increment = true
# "bantime.rndtime" is the max number of seconds using for mixing with random time
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
bantime.rndtime = 59
# "bantime.overalljails" (if true) specifies the search of IP in the database will be executed
# cross over all jails, if false (dafault), only current jail of the ban IP will be searched
bantime.overalljails = true
# --------------------
# "bantime" is the number of seconds that a host is banned.
bantime = 1m
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
#
# HTTP servers
#
[odoo]
enabled = true
chain = DOCKER-USER
# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport
port = http,https
logpath = /var/log/odoo/odoo.access.log
sudo docker-compose logs
fail2ban | 2020-04-25 07:48:16,198 fail2ban.actions [1]: NOTICE [odoo] Ban 158.140.187.220
fail2ban | 2020-04-25 07:48:16,212 fail2ban.utils [1]: ERROR 7f4b445da0f0 -- exec: iptables -w -N f2b-odoo
fail2ban | iptables -w -A f2b-odoo -j RETURN
fail2ban | iptables -w -I DOCKER-USER -p tcp -m multiport --dports http,https -j f2b-odoo
fail2ban | 2020-04-25 07:48:16,212 fail2ban.utils [1]: ERROR 7f4b445da0f0 -- stderr: 'iptables: No chain/target/match by that name.'
fail2ban | 2020-04-25 07:48:16,212 fail2ban.utils [1]: ERROR 7f4b445da0f0 -- returned 1
fail2ban | 2020-04-25 07:48:16,213 fail2ban.actions [1]: ERROR Failed to execute ban jail 'odoo' action 'iptables-multiport' info 'ActionInfo({'ip': '158.140.187.220', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f4b44c3dca0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f4b44c3e3a0>})': Error starting action Jail('odoo')/iptables-multiport: 'Script error'
fail2ban | 2020-04-25 07:49:17,665 fail2ban.actions [1]: NOTICE [odoo] Unban 158.140.187.220
2019-12-06 10:42:27,108 fail2ban.jailreader [1]: NOTICE No file(s) found for glob /var/log/auth.log
2019-12-06 10:42:27,108 fail2ban [1]: ERROR Failed during configuration: Have not found any log file for sshd jail
2019-12-06 10:42:27,108 fail2ban [1]: ERROR Async configuration of server failed
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/fail2ban/client/fail2banserver.py", line 189, in start
raise ServerExecutionException('Async configuration of server failed')
fail2ban.client.fail2bancmdline.ServerExecutionException: Async configuration of server failed
It may be caused by this setting in jail.conf:
before = path-debian.conf
How to override this option to path-fedora.conf? Thanks.
Hi! This is not really a bug report so I hope it's OK if I ask a question here. I am looking to use RancherOS both for the Rancher management platform and for my Kubernetes hosts. Since everything in RancherOS runs as a container - including system services - I was looking for how to use fail2ban as a container, and found this repo. Has anyone tried docker-fail2ban with RancherOS? Does it work?
Thanks a lot in advance for your help!
Hi Max,
Thanks for your hard work on this project!
Can you add an ARMv7 image to make it run on a Raspberry Pi?
I can confirm it works fine if the Dockerfile is built on a pi, so the only change would be to use the Alpine ARMv7 as base image.
Thanks.
Hello, thank you for your great work. This is not an issue - I apologize using this way for question.
What is the difference between "latest" and "edge" image tag on dockerhub?
Thank You!
Fail2ban tries to ban an IP but the banning does not take effect on the host machine and a "Script error" is seen in the container log; "iptables: No chain/target/match by that name".
I deploy the container using the exact command listed in the readme:
sudo docker run -d --name fail2ban --restart always \
--network host \
--cap-add NET_ADMIN \
--cap-add NET_RAW \
-v $(pwd)/data:/data \
-v /var/log:/var/log:ro \
crazymax/fail2ban:latest
I then set up a jail.local file in data/jail.d/, and restart the fail2ban container.
This is the jail:
[DEFAULT]
ignoreip = 127.0.0.0/8
bantime = 1d
findtime = 10m
maxretry = 5
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
I then attempt to SSH into the host machine and use the wrong password 5+ times, causing fail2ban to ban my address.
If I connect to the container and run the command fail2ban-client status sshd it shows this output:
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 16
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: 192.168.0.225
When I try to SSH into my host machine with the correct password, I should get immediately rejected.
I SSH into the machine as normal and nothing stops my connection.
Running on Debian 10
Docker version 19.03.5, build 633a0ea838
2020-02-08 02:58:48,411 fail2ban.actions [1]: NOTICE [sshd] Ban 192.168.0.225
2020-02-08 02:58:48,429 fail2ban.utils [1]: ERROR 7f2f45a329f0 -- exec: iptables -w -N f2b-sshd
iptables -w -A f2b-sshd -j RETURN
iptables -w -I DOCKER-USER -p tcp -m multiport --dports ssh -j f2b-sshd
2020-02-08 02:58:48,430 fail2ban.utils [1]: ERROR 7f2f45a329f0 -- stderr: 'iptables: No chain/target/match by that name.'
2020-02-08 02:58:48,430 fail2ban.utils [1]: ERROR 7f2f45a329f0 -- returned 1
2020-02-08 02:58:48,430 fail2ban.actions [1]: ERROR Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': '192.168.0.225', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f2f45a19dc0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f2f45a184c0>})': Error starting action Jail('sshd')/iptables-multiport: 'Script error'
(further down in the log, after the above message)
2020-02-08 02:58:51,574 fail2ban.filter [1]: INFO [sshd] Found 192.168.0.225 - 2020-02-08 02:58:51
2020-02-08 02:58:52,230 fail2ban.actions [1]: NOTICE [sshd] 192.168.0.225 already banned
I am running the default version of Docker with no edited settings.
Here is my sudo iptables -L output: https://pastebin.com/uw7mVyPr.
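Several reports on this page share one failure mode: fail2ban logs a Ban and lists the address as banned, yet the firewall action failed and nothing is blocked. The following is an added example, not code from the image or from any poster, that scans a fail2ban log for such unenforced bans; the function names and the hint texts are assumptions of this example, and the sample log is constructed from the excerpts quoted above plus one made-up successful ban.

```python
"""Flag fail2ban bans that were logged but whose firewall action failed."""
import re

# Constructed sample: lines shortened from the excerpts quoted in the issues
# above, plus one made-up successful ban (203.0.113.7) for contrast.
SAMPLE_LOG = """\
2020-02-08 02:58:48,411 fail2ban.actions [1]: NOTICE [sshd] Ban 192.168.0.225
2020-02-08 02:58:48,429 fail2ban.utils [1]: ERROR 7f2f45a329f0 -- exec: iptables -w -N f2b-sshd
iptables -w -A f2b-sshd -j RETURN
iptables -w -I DOCKER-USER -p tcp -m multiport --dports ssh -j f2b-sshd
2020-02-08 02:58:48,430 fail2ban.utils [1]: ERROR 7f2f45a329f0 -- stderr: 'iptables: No chain/target/match by that name.'
2020-02-08 02:58:48,430 fail2ban.utils [1]: ERROR 7f2f45a329f0 -- returned 1
2020-02-08 02:58:48,430 fail2ban.actions [1]: ERROR Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': '192.168.0.225', 'family': 'inet4'})': Error starting action Jail('sshd')/iptables-multiport: 'Script error'
2020-02-08 02:58:52,230 fail2ban.actions [1]: NOTICE [sshd] 192.168.0.225 already banned
2020-02-08 03:10:00,000 fail2ban.actions [1]: NOTICE [traefik-auth] Ban 203.0.113.7
"""

BAN_RE = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)")
STDERR_RE = re.compile(
    r"ERROR\s+[0-9a-f]+ -- stderr: (?P<q>['\"])(?P<msg>.*)(?P=q)\s*$"
)
FAILED_RE = re.compile(
    r"ERROR\s+Failed to execute ban jail '(?P<jail>[^']+)'"
    r" action '(?P<action>[^']+)'"
    r" info 'ActionInfo\(\{.*?'ip': '(?P<ip>[^']+)'"
)

# Reading aids (assumption of this example) for stderr strings seen on this page.
HINTS = {
    "No chain/target/match by that name":
        "a chain, target or match named in the rule is missing from the "
        "ruleset this iptables binary sees; check that the jail's chain exists",
    "Table does not exist":
        "the ip6tables filter table is not available to the container",
    "ip6tables: not found":
        "the ip6tables binary is missing from the container",
}


def hint_for(reason):
    """Return a short reading aid for a stderr message, or None."""
    for needle, hint in HINTS.items():
        if needle in reason:
            return hint
    return None


def audit_bans(log_text):
    """Split logged bans into enforced ones and ones whose action failed."""
    bans, failed, stderr = [], [], []
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if m:
            bans.append((m["jail"], m["ip"]))
            stderr = []  # stderr lines belong to the ban that follows
            continue
        m = STDERR_RE.search(line)
        if m:
            if m["msg"] not in stderr:  # the logs repeat identical lines
                stderr.append(m["msg"])
            continue
        m = FAILED_RE.search(line)
        if m:
            failed.append({
                "jail": m["jail"],
                "ip": m["ip"],
                "action": m["action"],
                "reasons": stderr,
            })
            stderr = []
    failed_keys = {(f["jail"], f["ip"]) for f in failed}
    enforced = [b for b in bans if b not in failed_keys]
    return {"failed": failed, "enforced": enforced}


if __name__ == "__main__":
    result = audit_bans(SAMPLE_LOG)
    for f in result["failed"]:
        print(f"NOT ENFORCED: {f['ip']} in jail {f['jail']} ({f['action']})")
        for reason in f["reasons"]:
            print(f"  stderr: {reason}")
            if hint_for(reason):
                print(f"  hint:   {hint_for(reason)}")
    for jail, ip in result["enforced"]:
        print(f"enforced: {ip} in jail {jail}")
```

An address reported here as not enforced still shows up under "Currently banned" in fail2ban-client status, so the jail status alone does not prove that traffic is blocked.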
Running the container on a Synology NAS.
Other containers sharing same docker-compose file include Traefik and other typical media server services.
Getting this error when running the following command on the container:
"docker-compose run -T fail2ban fail2ban-client status"
which results in the following error:
[1]: ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
following excerpt from docker-compose.yml file:
fail2ban:
  image: crazymax/fail2ban:latest
  container_name: fail2ban
  restart: "no"
  cap_add:
    - NET_ADMIN
    - NET_RAW
  environment:
    - TZ=${TZ}
    - PUID=${PUID}
    - PGID=${PGID}
    - F2B_LOG_LEVEL=DEBUG
    - F2B_DB_PURGE_AGE=1d
    - F2B_MAX_RETRY=3
    - [email protected]
    - [email protected]
    - F2B_ACTION=%(action_)s
    - F2B_IPTABLES_CHAIN=FORWARD # For Docker version 17.06 and higher, use "DOCKER-USER"; otherwise use "FORWARD"
    - SSMTP_HOST=smtp.example.com
    - SSMTP_PORT=587
    - SSMTP_HOSTNAME=example.com
    - [email protected]
    - SSMTP_PASSWORD=
    - SSMTP_TLS=YES
  network_mode: host
  privileged: true
  volumes:
    - "${MOUNT_POINT}/docker/fail2ban:/data"
    - "${MOUNT_POINT}/docker/fail2ban/log:/var/log"
    - "${MOUNT_POINT}/docker/shared:/shared"
    - "${MOUNT_POINT}/docker/organizr/www/db:/var/log/organizr:ro" # Organizr login log path
I've also tried running fail2ban on the Traefik docker bridge network rather than host but no luck as well. Not sure what's going wrong.
Embedded whois can't lookup by IP; outputs
[Querying whois.iana.org:43 '5.188.10.76']
[Querying whois.iana.org:43 'domain 5.188.10.76']
[whois.iana.org]
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
%
% Error: Invalid query domain 5.188.10.76
Was able to circumvent the bug by manually apk adding whois in a dockerfile but you might as well do it here; happy to fill a PR if needed
Trying to install fail2ban on my Ubuntu Server that runs almost everything in Docker.
Do you know how should I monitor Traefik logs with fail2ban?
I would like to secure ssh on host, and some common jails (btw, which ones would you recommend?).
Thanks
Struggling to get Fail2Ban to work with Guacamole docker this would be a great addition especially since there is no mechanism protecting from brute force. I use Traefik and Cloudflare.
I would love to use a custom action and edit those configuration files but I cannot bind mount action.d to my host and see the files.
I have banned myself (for testing purposes) at the office. Everything is working as it should... but now what is the best way to unban ip
It's more a feedback than a bug report. But as i'm not a Github expert... I open an issue.. bear with me :)
Using Traefik 2.x, i was not able to use the example traefik-auth filter.
I don't know why honestly.
So just to say, that i adapted the regex to something like :
failregex = ^<HOST> \- \- \[\] \"(POST|HEAD|GET) [^"]+" 401\b
and it worked.
And seeing all the s***t issuing requests, based on the model of badbots and botsearch, i made some other filters that i could share.
Well, this is not a bug, more a share, and again thank you for all your images!
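The failregex quoted in the post above can be checked offline against access-log lines before it goes into a jail. This is an added example, not code from the post or from the image: `HOST_GROUP` and `strip_timestamp` are simplified stand-ins (assumptions) for fail2ban's `<HOST>` expansion and for its removal of the matched timestamp before the failregex is applied, which is why the pattern contains `\[\]`; the log lines are constructed in Traefik's common log format.

```python
"""Check the post's Traefik failregex against constructed access-log lines."""
import re

# The failregex exactly as quoted in the post above.
FAILREGEX = r'^<HOST> \- \- \[\] \"(POST|HEAD|GET) [^"]+" 401\b'

# Assumption: simplified replacement for fail2ban's <HOST> tag (IPv4 or IPv6).
HOST_GROUP = (
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}"
    r"|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)"
)
# Assumption: stand-in for the date pattern fail2ban detects in CLF lines.
CLF_TIME = re.compile(r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}")

# Constructed sample lines (documentation address ranges, made-up routers).
LINES = {
    "basic_auth_fail":
        '203.0.113.7 - - [22/Oct/2020:05:01:03 +0000] "GET /dashboard/ '
        'HTTP/1.1" 401 17 "-" "-" 12 "dashboard@docker" "-" 0ms',
    "login_ok":
        '203.0.113.7 - alice [22/Oct/2020:05:01:09 +0000] "GET /dashboard/ '
        'HTTP/1.1" 200 512 "-" "-" 13 "dashboard@docker" "-" 2ms',
    "backend_401":
        '198.51.100.9 - - [22/Oct/2020:05:02:00 +0000] "GET /api/status '
        'HTTP/1.1" 401 40 "-" "-" 14 "app@docker" "http://10.0.0.5:80" 3ms',
    "webdav_401":
        '198.51.100.9 - - [22/Oct/2020:05:02:01 +0000] "PROPFIND /dav/ '
        'HTTP/1.1" 401 40 "-" "-" 15 "app@docker" "http://10.0.0.5:80" 3ms',
    "ipv6_fail":
        '2001:db8::1 - - [22/Oct/2020:05:03:00 +0000] "POST /login '
        'HTTP/1.1" 401 17 "-" "-" 16 "dashboard@docker" "-" 0ms',
}


def compile_failregex(failregex):
    """Expand <HOST> and compile the expression."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def strip_timestamp(line):
    """Cut the first CLF timestamp out of the line, leaving '[]' behind."""
    return CLF_TIME.sub("", line, count=1)


def offending_host(line, rx):
    """Return the address the filter would count a failure for, or None."""
    m = rx.search(strip_timestamp(line))
    return m["host"] if m else None


def evaluate(lines=LINES, failregex=FAILREGEX):
    """Map each sample name to the host the filter would count, or None."""
    rx = compile_failregex(failregex)
    return {name: offending_host(line, rx) for name, line in lines.items()}


if __name__ == "__main__":
    for name, host in evaluate().items():
        print(f"{name:16s} -> {host}")
```

The `backend_401` line matches as well: the expression counts any 401 on GET, POST or HEAD that passes through the proxy, including ones an application behind it returns during normal use, so `maxretry` and `ignoreip` have to account for that.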
Hi,
is it possible to integrate fail2ban in an alpine docker with a simple OpenSSH Server running?
or does fail2ban only work on the docker host?
I set up a fail2ban container, and now when I access any security settings in nextcloud, I get banned. and I can't seem to figure out why. If I'd guess, the regex for traefik-auth is misparsing something,
Here's my fail2ban log: https://hastebin.com/secunuhepi.pl
My traefik access logs: https://hastebin.com/edidorijav.pl
EDIT: Seems to be banning nextcloud webdav users as well.
Forgot to mention that I'm using the example scripts provided for traefik.
When Fail2Ban tries to ban a user with an IPv6 address, I get the following error:
stderr: '/bin/sh: ip6tables: not found'
It doesn't seem like you have the ip6tables program installed in this container. Can this be added?
This looks great. Do you have any idea how I would be able to get this to work on an overlay network? perhaps I'm thinking of this wrong. If I have a swarm and just ran one container per node in host mode does that also block the overlay network?
This is more a feedback than a bug report, but, if i'm right, maybe the doc should be updated (if im right only :) )
In the doc, you explain that the chains INPUT & DOCKER-USER cannot cohabit together in the same instance, and that we should use 2 different instances.
In my case, since it was breaking my b*** to have 2 instances, i dug a bit and did the following.
[traefik-auth]
enabled = true
logpath = %(traefik_access_log)s
port = http,https
action = %(action_)s[chain="DOCKER-USER"]
findtime = 600
maxretry = 3
bantime=1w
[traefik-botsearch]
enabled = true
logpath = %(traefik_access_log)s
maxretry = 1
bantime=4w
port = http,https
action = %(action_)s[chain="DOCKER-USER"]
...
So basically, i'm using the default action (in this case iptables-multiport) but asking to use the chain DOCKER-USER for those jails.
You could of course, swap the 2 chains, setting DOCKER-USER as default and use INPUT when need (which would actually make more sense in my case as i have more docker jails than input jails.. but well, it's working)
So far, it's working ok.
Again, thank you for your great images!
Firstly - thanks very much for this image. It's working wonderfully!
CURRENT BEHAVIOUR: upon execution, entrypoint.sh writes default values into /etc/fail2ban/jail.local - effectively creating jail.local from scratch. It does this every time the container is run .. as designed.
However, I'd recommend that FAIL2BAN's philosophy for jail.local is that it be used to define custom behaviour (i.e. if I wanted to add a new action & jail I would do so by amending jail.local).
Following best-practices (I hope!) for Docker Swarm, I map a volume to jail.local and amend my jail.local file:-
fail2ban.yaml (my file!)
volumes:
- /media/nas/common/fail2ban/jail.local:/etc/fail2ban/jail.local
... but of course when entrypoint.sh runs it erases my amendments to jail.local ( entrypoint.sh: cat > ) by creating jail.local from scratch.
If you agree with my position, I would recommend making a slight amendment to entrypoint.sh as follows:-
if [ ! -f /etc/fail2ban/jail.local ] ; then
cat > /etc/fail2ban/jail.local <<EOL
[DEFAULT]
maxretry = ${F2B_MAX_RETRY}
backend = ${F2B_BACKEND}
destemail = ${F2B_DEST_EMAIL}
sender = ${F2B_SENDER}
action = ${F2B_ACTION}
EOL
fi
Tell me what should happen
The current entrypoint.sh does exactly what it's designed to do - creating /etc/fail2ban/jail.local from scratch each time the container is run.
My suggestion is amend entrypoint.sh so that it only creates jail.local if the file doesn't already exist. In that way developers can amend the execution of fail2ban using amendments to jail.local
I followed the instructions to set up two containers (one for INPUT one for DOCKER-USER).
.env file is as follows:
TZ=UTC
F2B_LOG_TARGET=STDOUT
F2B_LOG_LEVEL=DEBUG
F2B_DB_PURGE_AGE=1d
F2B_MAX_RETRY=3
[email protected]
[email protected]
F2B_ACTION=%(action_mw)s
F2B_IPTABLES_CHAIN=DOCKER-USER
SSMTP_HOST=smtp
SSMTP_PORT=587
SSMTP_HOSTNAME=xxx.com
[email protected]
SSMTP_PASSWORD=xxxxxx
SSMTP_TLS=YES
When someone gets banned it should be sending me an email but it does not appear to do anything.
I tried entering the container and executing sendmail and it simply hangs and I have to do a kill <pid> on it to end.
Any ideas how to fix this ?
Thanks
I moved to your image from a previous docker implementation and before that from fail2ban installed on the host. Much prefer running it in docker.
However I had a couple of scripts running which parsed the fail2ban logs and performed actions when certain events occurred (e.g. triggered slack and pushbullet notifications to supplement the emails). Typically the logs get written to /var/log/fail2ban.log.
Is there any way to write the fail2ban logs to a file with this image?
Just to make sure, this blocks connections to host as well correct?
Hi Max,
Thanks for all your hard work on this project!
I was wondering about the log system implementation with compose though. Since the startup requires logs -f, I'm wondering how I might bake this into restart policies? If the system goes down, or the docker gets detached from the console log output for some reason..would you have any recommendations for tying them together?
Thanks
Tried to ssh in from ipv6 host, which showed in the logs when the attempts failed. After the third try, fail2ban attempted to ban the ip address, which it managed to do in its database, but the ip6tables failed. On subsequent attempt, the same log lines appeared, and it seemed like I could try to log in again. After three attempts, a message appeared in the log stating that the ip is already banned.
IP should be banned
IP is not banned, and the below is observed in the logs;
Install insmod via the kmod package. I did this in the running container, and on subsequent attempt, the ip was successfully banned.
docker --version: 18.06.1-ce, build e68fc7a
docker-compose --version: 1.19.0, build 9e633ef
docker-compose.yml, .env, ...
Containers: 9
Running: 7
Paused: 0
Stopped: 2
Images: 33
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-36-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.9GiB
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
2019-05-05 23:55:19,444 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2019-05-05 23:55:19,444 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "ip6tables v1.6.2: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "ip6tables v1.6.2: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: "ip6tables v1.6.2: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2019-05-05 23:55:19,447 fail2ban.utils [1]: ERROR 7fe1bd8a4b58 -- returned 3
2019-05-05 23:55:19,447 fail2ban.actions [1]: ERROR Failed to execute ban jail 'sshd' action 'iptables-multiport' info 'ActionInfo({'ip': '2a02:2121:343:a0d4:*something more*', 'fid': <function <lambda> at 0x7fe1bd8bb320>, 'family': 'inet6', 'raw-ticket': <function <lambda> at 0x7fe1bd8bb7d0>})': Error starting action Jail('sshd')/iptables-multiport
2019-05-05 23:56:47,178 fail2ban.filter [1]: INFO [sshd] Found 2a02:2121:343:a0d4:*something more* - 2019-05-05 23:56:46
2019-05-05 23:56:52,592 fail2ban.filter [1]: INFO [sshd] Found 2a02:2121:343:a0d4:*something more* - 2019-05-05 23:56:52
2019-05-05 23:56:54,614 fail2ban.filter [1]: INFO [sshd] Found 2a02:2121:343:a0d4:*something more* - 2019-05-05 23:56:54
2019-05-05 23:56:54,642 fail2ban.actions [1]: WARNING [sshd] 2a02:2121:343:a0d4:*something more* already banned
Hi there, good work on this f2b image, it's way better than the ones I've tried.
If you don't mind, I've got a request, could you please add curl to this as well? I use cloudflare and the cloudflare action requires curl.
Thanks
In this comment, it is mentioned that you can use iptables -S | grep f2b to see the banned IPs in iptables, when I try to do that I get this:
~$ sudo iptables -S | grep f2b
# Warning: iptables-legacy tables present, use iptables-legacy to see them
~$ sudo iptables-legacy -S | grep f2b
-A f2b-sshd -s 1.11.201.18/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 1.10.133.55/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 1.1.186.208/32 -j REJECT --reject-with icmp-port-unreachable
etc.
docker --version: Docker version 19.03.12, build 48a66213fe
uname -a: Linux apollo 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27) x86_64 GNU/Linux
Client:
Debug Mode: false
Server:
Containers: 6
Running: 6
Paused: 0
Stopped: 0
Images: 77
Server Version: 19.03.12
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.19.0-8-amd64
Operating System: Debian GNU/Linux 10 (buster)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.902GiB
Name: apollo
ID: CQKT:FWY5:L44P:4CX5:CEER:W6SM:YKZT:FPD7:VNHL:3D4V:BARG:MKYB
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
I made a remote PC try to ssh with password to my raspberry pi server with password authentication turned off (only public key), and it doesn't recognize the IP address.
jail.local
[DEFAULT]
bantime = 1h
maxretry = 3
findtime = 1h
ignoreip = 127.0.0.1/8 ::1 10.0.0.1/24
logencoding = auto
usedns = warn
enabled = false
mode = aggressive
destemail = [email protected]
sendername = Fail2Ban Schklom
fq-hostname = Schklom
port = 0:65535
#banaction = iptables-multiport
banaction = iptables-allports
protocol = tcp
bantime.increment = true
bantime.factor = 1
bantime.maxtime = 4w
bantime.rndtime = 38
# Email with sendername activated (copied from jail.conf and arranged according to git issue below)
# Email with fq-hostname activated (copied from jail.conf and arranged according to git issue below)
# https://github.com/fail2ban/fail2ban/issues/2071
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", sendername="%(sendername)s", fq-hostname="%(fq-hostname)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action = %(action_mwl)s
sshd_log = /var/log/auth.log
[sshd]
enabled = true
chain = INPUT
port = 1234
filter = sshd[mode=aggressive]
logpath = %(sshd_log)s
maxretry = 3
# When I turn off usedns, the log's line "Unable to ..." disappears, but still no ban
#usedns = no
[Definition]
failregex = %(known/failregex)s
            %(__prefix_line)sConnection closed by authenticating user <F-USER>.+</F-USER> <HOST> port \d+ [preauth]$
The ip should be banned when /var/log/auth.log has these lines
Oct 29 17:58:34 raspberrypi sshd[25644]: Connection reset by authenticating user pi 123.456.78.910 port 53945 [preauth]
Oct 29 17:59:24 raspberrypi sshd[25960]: Connection reset by authenticating user pi 123.456.78.910 port 53977 [preauth]
Oct 29 18:38:10 raspberrypi sshd[32493]: Connection reset by authenticating user pi 123.456.78.910 port 61479 [preauth]
It doesn't read the IP, and doesn't ban it.
docker --version: Docker version 19.03.13, build 4484c46
docker-compose --version: docker-compose version 1.27.3, build unknown
uname -a: Linux raspberrypi 5.4.72-v7l+ #1356 SMP Thu Oct 22 13:57:51 BST 2020 armv7l GNU/Linux
docker-compose.yml, .env, ...
version: "3.8"
services:
  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    security_opt:
      - no-new-privileges:true
    network_mode: "host"
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - ${DOCKERCONFIG}/fail2ban:/data
      - /var/log:/var/log:ro
    environment:
      - TZ=${TZ}
      - F2B_LOG_TARGET=STDOUT
      - F2B_LOG_LEVEL=DEBUG
      - F2B_DB_PURGE_AGE=1d
      - SSMTP_HOST=smtp.gmail.com
      - SSMTP_PORT=465
      - SSMTP_HOSTNAME=gmail.com
      - SSMTP_USER=${FAIL2BAN_SSMTP_USER}
      - SSMTP_PASSWORD=${FAIL2BAN_SSMTP_PASSWORD}
      - SSMTP_TLS=YES
    restart: always
Client:
Debug Mode: false
Server:
Containers: 10
Running: 9
Paused: 0
Stopped: 1
Images: 12
Server Version: 19.03.13
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 5.4.72-v7l+
Operating System: Raspbian GNU/Linux 10 (buster)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 7.691GiB
Name: raspberrypi
ID: HNQJ:2QLW:NIJP:OCJQ:6RLW:B7TX:EGNG:VBNS:MLKF:76S3:DMWF:CWNU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No kernel memory limit support
WARNING: No kernel memory TCP limit support
WARNING: No oom kill disable support
docker logs fail2ban
Setting timezone to Europe/Oslo...
Setting SSMTP configuration...
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
Checking for custom filters in /data/filter.d...
Add custom filter sshd.local...
2020-10-29 18:53:44,378 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban
2020-10-29 18:53:44,385 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-10-29 18:53:44,388 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-10-29 18:53:44,395 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock
2020-10-29 18:53:44,396 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [DEBUG] logging to STDOUT
2020-10-29 18:53:44,407 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban
2020-10-29 18:53:44,409 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf']
2020-10-29 18:53:44,460 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2020-10-29 18:53:44,469 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2020-10-29 18:53:44,473 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2020-10-29 18:53:44,490 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/sshd.local']
2020-10-29 18:53:44,500 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/jail.local', '/etc/fail2ban/jail.d/sshd.local']
2020-10-29 18:53:44,504 fail2ban.configreader [1]: INFO Loading configs for filter.d/sshd under /etc/fail2ban
2020-10-29 18:53:44,512 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
2020-10-29 18:53:44,518 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
2020-10-29 18:53:44,523 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
2020-10-29 18:53:44,524 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/sshd.local']
2020-10-29 18:53:44,525 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf', '/etc/fail2ban/filter.d/sshd.local']
2020-10-29 18:53:44,558 fail2ban.configreader [1]: INFO Loading configs for action.d/iptables-allports under /etc/fail2ban
2020-10-29 18:53:44,560 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-allports.conf']
2020-10-29 18:53:44,565 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
2020-10-29 18:53:44,569 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
2020-10-29 18:53:44,570 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
2020-10-29 18:53:44,571 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-allports.conf']
2020-10-29 18:53:44,576 fail2ban.configreader [1]: INFO Loading configs for action.d/sendmail-whois-lines under /etc/fail2ban
2020-10-29 18:53:44,578 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-whois-lines.conf']
2020-10-29 18:53:44,582 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-common.conf']
2020-10-29 18:53:44,585 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-common.local']
2020-10-29 18:53:44,587 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/mail-whois-common.conf']
2020-10-29 18:53:44,589 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/mail-whois-common.local']
2020-10-29 18:53:44,595 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/helpers-common.conf']
2020-10-29 18:53:44,597 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-common.conf', '/etc/fail2ban/action.d/mail-whois-common.conf', '/etc/fail2ban/action.d/helpers-common.conf', '/etc/fail2ban/action.d/sendmail-whois-lines.conf']
2020-10-29 18:53:44,758 fail2ban.server [1]: INFO --------------------------------------------------
2020-10-29 18:53:44,759 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1
2020-10-29 18:53:44,760 fail2ban.server [1]: DEBUG Creating PID file /var/run/fail2ban/fail2ban.pid
2020-10-29 18:53:44,763 fail2ban.observer [1]: INFO Observer start...
2020-10-29 18:53:44,767 fail2ban.server [1]: DEBUG Starting communication
2020-10-29 18:53:44,783 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2020-10-29 18:53:44,786 fail2ban.jail [1]: INFO Creating new jail 'sshd'
2020-10-29 18:53:44,818 fail2ban.jail [1]: INFO Jail 'sshd' uses pyinotify {}
2020-10-29 18:53:44,819 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-10-29 18:53:44,819 fail2ban.filter [1]: DEBUG Created FilterPyinotify(Jail('sshd'))
2020-10-29 18:53:44,822 fail2ban.filterpyinotif [1]: DEBUG Created FilterPyinotify
2020-10-29 18:53:44,822 fail2ban.jail [1]: INFO Initiated 'pyinotify' backend
2020-10-29 18:53:44,824 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-10-29 18:53:44,824 fail2ban.server [1]: DEBUG prefregex: '^<F-MLFID>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?</F-MLFID>(?:(?:error|fatal): (?:PAM: )?)?<F-CONTENT>.+</F-CONTENT>$'
2020-10-29 18:53:44,831 fail2ban.filter [1]: INFO maxLines: 1
2020-10-29 18:53:44,832 fail2ban.server [1]: DEBUG failregex: '^[aA]uthentication (?:failure|error|failed) for <F-USER>.*</F-USER> from <HOST>( via \\S+)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,838 fail2ban.server [1]: DEBUG failregex: '^User not known to the underlying authentication module for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,843 fail2ban.server [1]: DEBUG failregex: '^Failed publickey for invalid user <F-USER>(?P<cond_user>\\S+)|(?:(?! from ).)*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-10-29 18:53:44,849 fail2ban.server [1]: DEBUG failregex: '^Failed \\b(?!publickey)\\S+ for (?P<cond_inv>invalid user )?<F-USER>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-10-29 18:53:44,857 fail2ban.server [1]: DEBUG failregex: '^<F-USER>ROOT</F-USER> LOGIN REFUSED FROM <HOST>'
2020-10-29 18:53:44,861 fail2ban.server [1]: DEBUG failregex: '^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,867 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not listed in AllowUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,872 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because listed in DenyUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,878 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not in any group(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,884 fail2ban.server [1]: DEBUG failregex: '^refused connect from \\S+ \\(<HOST>\\)'
2020-10-29 18:53:44,888 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*3: .*: Auth fail(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,894 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because a group is listed in DenyGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,900 fail2ban.server [1]: DEBUG failregex: "^User <F-USER>.+</F-USER> from <HOST> not allowed because none of user's groups are listed in AllowGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$"
2020-10-29 18:53:44,907 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>pam_[a-z]+\\(sshd:auth\\):\\s+authentication failure;</F-NOFAIL>(?:\\s+(?:(?:logname|e?uid|tty)=\\S*)){0,4}\\s+ruser=<F-ALT_USER>\\S*</F-ALT_USER>\\s+rhost=<HOST>(?:\\s+user=<F-USER>\\S*</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,915 fail2ban.server [1]: DEBUG failregex: '^(error: )?maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,923 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> not allowed because account is locked(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*'
2020-10-29 18:53:44,926 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\\S+</F-USER> <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*Change of username or service not allowed:\\s*.*\\[preauth\\]\\s*$'
2020-10-29 18:53:44,933 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>: Too many authentication failures(?: for <F-USER>.+?</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,937 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Received <F-MLFFORGET>disconnect</F-MLFFORGET></F-NOFAIL> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*11:'
2020-10-29 18:53:44,942 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>(Connection closed|Disconnected)</F-MLFFORGET> (?:by|from)(?: (?:invalid|authenticating) user <F-USER>\\S+|.+?</F-USER>)? <HOST>(?: (?:port \\d+|on \\S+)){0,2}\\s+\\[preauth\\]\\s*$'
2020-10-29 18:53:44,949 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET><F-MLFGAINED>Accepted \\w+</F-MLFGAINED></F-MLFFORGET> for <F-USER>\\S+</F-USER> from <HOST>(?:\\s|$)'
2020-10-29 18:53:44,955 fail2ban.server [1]: DEBUG failregex: '^Did not receive identification string from <HOST>'
2020-10-29 18:53:44,971 fail2ban.server [1]: DEBUG failregex: "^Bad protocol version identification '.*' from <HOST>"
2020-10-29 18:53:44,976 fail2ban.server [1]: DEBUG failregex: '^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>'
2020-10-29 18:53:44,980 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\\d+;[A-Z]\\w+:'
2020-10-29 18:53:44,991 fail2ban.server [1]: DEBUG failregex: '^Read from socket failed: Connection <F-MLFFORGET>reset</F-MLFFORGET> by peer'
2020-10-29 18:53:44,992 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*14: No supported authentication methods available'
2020-10-29 18:53:45,003 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate with <HOST>(?: (?:port \\d+|on \\S+)){0,2}: no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found.'
2020-10-29 18:53:45,008 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate a (?:(?:\\w+ (?!found\\b)){0,2}\\w+)'
2020-10-29 18:53:45,010 fail2ban.server [1]: DEBUG failregex: '^no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found:'
2020-10-29 18:53:45,012 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Connection from</F-NOFAIL> <HOST>'
2020-10-29 18:53:45,016 fail2ban.server [1]: DEBUG failregex: '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?Connection closed by authenticating user <F-USER>.+</F-USER> <HOST> port \\d+ [preauth]$'
2020-10-29 18:53:45,049 fail2ban.filter [1]: INFO maxRetry: 3
2020-10-29 18:53:45,050 fail2ban.filter [1]: INFO findtime: 3600
2020-10-29 18:53:45,051 fail2ban.actions [1]: INFO banTime: 3600
2020-10-29 18:53:45,051 fail2ban.jail [1]: INFO Set banTime.increment = True
2020-10-29 18:53:45,052 fail2ban.jail [1]: INFO Set banTime.factor = 1
2020-10-29 18:53:45,052 fail2ban.jail [1]: INFO Set banTime.maxtime = 4w
2020-10-29 18:53:45,053 fail2ban.jail [1]: INFO Set banTime.rndtime = 38
2020-10-29 18:53:45,055 fail2ban.filter [1]: DEBUG Add '127.0.0.0/8' to ignore list ('127.0.0.1/8')
2020-10-29 18:53:45,055 fail2ban.filter [1]: DEBUG Add '::1' to ignore list ('::1')
2020-10-29 18:53:45,056 fail2ban.filter [1]: DEBUG Add '10.2.0.0/24' to ignore list ('10.2.0.1/24')
2020-10-29 18:53:45,056 fail2ban.filter [1]: DEBUG Add '10.0.0.0/24' to ignore list ('10.0.0.1/24')
2020-10-29 18:53:45,057 fail2ban.filter [1]: INFO encoding: UTF-8
2020-10-29 18:53:45,058 fail2ban.filter [1]: INFO Added logfile: '/var/log/auth.log' (pos = 303192, hash = ccd6530adb8309f16718f1b271d3c1c104b3da5e)
2020-10-29 18:53:45,059 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=1 path=/var/log mask=1073745280 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0xb60265c8> dir=True >
2020-10-29 18:53:45,060 fail2ban.filterpyinotif [1]: DEBUG Added monitor for the parent directory /var/log
2020-10-29 18:53:45,061 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=2 path=/var/log/auth.log mask=2 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0xb60265c8> dir=False >
2020-10-29 18:53:45,062 fail2ban.filterpyinotif [1]: DEBUG Added file watcher for /var/log/auth.log
2020-10-29 18:53:45,062 fail2ban.filter [1]: DEBUG Seek to find time 1603990425.062525 (2020-10-29 17:53:45), file size 303516
2020-10-29 18:53:45,076 fail2ban.filter [1]: DEBUG Position 303192 from 303516, found time 1603994017.0 (2020-10-29 18:53:37) within 1 seeks
2020-10-29 18:53:45,077 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-10-29 18:53:45,077 fail2ban.CommandAction [1]: DEBUG Set actionstart = '<iptables> -N f2b-sshd\n<iptables> -A f2b-sshd -j RETURN\n<iptables> -I INPUT -p tcp -j f2b-sshd'
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actionstop = '<iptables> -D INPUT -p tcp -j f2b-sshd\n<iptables> -F f2b-sshd\n<iptables> -X f2b-sshd'
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actionflush = '<iptables> -F f2b-sshd'
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actioncheck = "<iptables> -n -L INPUT | grep -q 'f2b-sshd[ \\t]'"
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actionban = '<iptables> -I f2b-sshd 1 -s <ip> -j <blocktype>'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set actionunban = '<iptables> -D f2b-sshd -s <ip> -j <blocktype>'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set name = 'sshd'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set port = '55821'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
2020-10-29 18:53:45,080 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-10-29 18:53:45,080 fail2ban.CommandAction [1]: DEBUG Set actname = 'iptables-allports'
2020-10-29 18:53:45,080 fail2ban.CommandAction [1]: DEBUG Set blocktype = 'REJECT --reject-with icmp-port-unreachable'
2020-10-29 18:53:45,081 fail2ban.CommandAction [1]: DEBUG Set returntype = 'RETURN'
2020-10-29 18:53:45,081 fail2ban.CommandAction [1]: DEBUG Set lockingopt = '-w'
2020-10-29 18:53:45,082 fail2ban.CommandAction [1]: DEBUG Set iptables = 'iptables <lockingopt>'
2020-10-29 18:53:45,082 fail2ban.CommandAction [1]: DEBUG Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable'
2020-10-29 18:53:45,082 fail2ban.CommandAction [1]: DEBUG Set iptables?family=inet6 = 'ip6tables <lockingopt>'
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Set actionstart = 'printf %b "Subject: [Fail2Ban] sshd: started on Schklom\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban Schklom <root@Schklom>\nTo: [email protected]\\n\nHi,\\n\nThe jail sshd has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "root@Schklom" "[email protected]"'
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Set actionstop = 'printf %b "Subject: [Fail2Ban] sshd: stopped on Schklom\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban Schklom <root@Schklom>\nTo: [email protected]\\n\nHi,\\n\nThe jail sshd has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "root@Schklom" "[email protected]"'
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Set actioncheck = ''
2020-10-29 18:53:45,086 fail2ban.CommandAction [1]: DEBUG Set actionban = '( printf %b "Subject: [Fail2Ban] sshd: banned <ip> from Schklom\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban Schklom <root@Schklom>\nTo: [email protected]\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against sshd.\\n\\n\nHere is more information about <ip> :\\n"\nwhois <ip> || echo "missing whois program";\nprintf %b "\\nLines containing failures of <ip> (max 1000)\\n";\nlogpath="/var/log/auth.log"; grep -m 1000 -wF "<ip>" $logpath | tail -n 1000;\nprintf %b "\\n\nRegards,\\n\nFail2Ban" ) | /usr/sbin/sendmail -f "root@Schklom" "[email protected]"'
2020-10-29 18:53:45,086 fail2ban.CommandAction [1]: DEBUG Set actionunban = ''
2020-10-29 18:53:45,086 fail2ban.CommandAction [1]: DEBUG Set norestored = True
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set name = 'sshd'
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set sender = 'root@<fq-hostname>'
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set sendername = 'Fail2Ban Schklom'
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set fq-hostname = 'Schklom'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set dest = '[email protected]'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set logpath = '/var/log/auth.log'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set actname = 'sendmail-whois-lines'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set mailcmd = '/usr/sbin/sendmail -f "<sender>" "<dest>"'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set greplimit = 'tail -n <grepmax>'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set grepmax = '1000'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set grepopts = '-m <grepmax>'
2020-10-29 18:53:45,090 fail2ban.jail [1]: DEBUG Starting jail 'sshd'
2020-10-29 18:53:45,099 fail2ban.filterpyinotif [1]: DEBUG [sshd] filter started (pyinotifier)
2020-10-29 18:53:45,135 fail2ban.jail [1]: INFO Jail 'sshd' started
2020-10-29 18:53:45,148 fail2ban.transmitter [1]: DEBUG Status: ready
Server ready
2020-10-29 18:53:46,655 fail2ban.utils [1]: DEBUG b6034160 -- returned successfully 0
2020-10-29 18:53:52,278 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 18:53:52,279 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 18:53:52,284 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 18:53:52,285 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 18:53:52,418 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 18:53:52,418 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 19:01:01,319 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 19:01:01,320 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 19:01:01,366 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for authenticating: [Errno -2] Name does not resolve
2020-10-29 19:01:02,405 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 19:01:02,405 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
PS: I am using this container instead of Fail2Ban on host, because while I don't have the problem I just described, I can't manage to setup email notifications.
If someone could help, I would be very grateful :)
Many thanks
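An added example (not part of the original post, and not fail2ban's or this image's own code) that replays the rules quoted in the report above against constructed sshd messages. It shows why the built-in "reset" rule captures the word "authenticating" as a host name while the custom rule never matches. Assumptions: the IP4/DNS patterns are simplified stand-ins for fail2ban's <HOST> expansion, CANDIDATE is a hypothetical rule, the sample lines use the documentation address 203.0.113.7, and all function names are made up for this example.

```python
import re

# Simplified stand-ins for fail2ban's <HOST> expansion (assumption, IPv4 only):
# with usedns = no only an address is accepted, otherwise a DNS-like name too.
IP4 = r"(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})"
DNS = r"(?P<dns>[\w\-.]*\w)"

# Built-in rule, copied from the DEBUG output in the post.
BUILTIN_RESET = r"^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>"
# Custom rule from the post's [Definition] block, without %(__prefix_line)s.
CUSTOM = (r"^Connection closed by authenticating user <F-USER>.+</F-USER> "
          r"<HOST> port \d+ [preauth]$")
# Hypothetical candidate (not the project's rule): both verbs, escaped brackets.
CANDIDATE = (r"^Connection (?:closed|reset) by authenticating user "
             r"<F-USER>\S+</F-USER> <HOST> port \d+ \[preauth\]\s*$")

# Constructed messages: the sshd text that follows the syslog prefix.
RESET_LINE = ("Connection reset by authenticating user pi "
              "203.0.113.7 port 53945 [preauth]")
CLOSED_LINE = ("Connection closed by authenticating user pi "
               "203.0.113.7 port 53945 [preauth]")


def compile_failregex(failregex, usedns="warn"):
    """Turn a fail2ban-style failregex into a plain Python regex."""
    host = IP4 if usedns == "no" else "(?:%s|%s)" % (IP4, DNS)
    plain = re.sub(r"</?F-[A-Z_]+>", "", failregex)  # drop <F-USER> etc. tags
    return re.compile(plain.replace("<HOST>", host))


def extract_host(failregex, message, usedns="warn"):
    """Return ('ip4'|'dns', value) for a hit, or None when the line is missed."""
    match = compile_failregex(failregex, usedns).search(message)
    if match is None:
        return None
    groups = match.groupdict()
    for kind in ("ip4", "dns"):
        if groups.get(kind):
            return kind, groups[kind]
    return None


def report(usedns="warn"):
    """Run every rule against every sample line for one usedns setting."""
    rules = (("builtin", BUILTIN_RESET), ("custom", CUSTOM),
             ("candidate", CANDIDATE))
    lines = (("reset", RESET_LINE), ("closed", CLOSED_LINE))
    return {(rule, label): extract_host(rx, line, usedns)
            for rule, rx in rules for label, line in lines}


if __name__ == "__main__":
    for usedns in ("warn", "no"):
        for key, hit in report(usedns).items():
            print(usedns, key, hit)
```

With usedns = warn the built-in rule hits the "reset" line but hands fail2ban a name to resolve instead of an address; with usedns = no it stops matching. The custom rule misses both lines because it expects "closed" and because the unescaped [preauth] is a character class. A candidate rule should still be checked with fail2ban-regex against the real auth.log before it goes into a jail.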
Sorry I know there are other issues on this and I have read them but still cannot figure out a solution to my problem :/
I have two instances of f2b running: input (ssh) and docker (postfix service I am having issues with). I followed examples for ssh and it works great, but I am getting an error for my postfix service.
docker --version: Docker version 18.09.1, build 4c52b90
docker-compose --version: docker-compose version 1.21.0, build unknown
uname -a: 4.19.118 kernel
f2b-input:
  image: crazymax/fail2ban
  container_name: f2b-input
  network_mode: "host"
  cap_add:
    - NET_ADMIN
    - NET_RAW
  env_file:
    - env/f2b.${ENV}.env
  environment:
    - "F2B_IPTABLES_CHAIN=INPUT"
  volumes:
    - /opt/f2b-input:/data
    - /var/log:/var/log:ro
  restart: always
f2b-docker:
  image: crazymax/fail2ban
  container_name: f2b-docker
  network_mode: "host"
  cap_add:
    - NET_ADMIN
    - NET_RAW
  env_file:
    - env/f2b.${ENV}.env
  environment:
    - "F2B_IPTABLES_CHAIN=DOCKER-USER"
  volumes:
    - /opt/f2b-docker:/data
    - /var/log:/var/log:ro
  restart: always
TZ=America/Denver
F2B_LOG_TARGET=STDOUT
F2B_LOG_LEVEL=INFO
F2B_DB_PURGE_AGE=1d
[postfix]
enabled = true
# To use another modes set filter parameter "mode" in jail.local:
filter = postfix[mode=aggressive]
port = smtp,465,submission
chain = DOCKER-USER
logpath = %(postfix_log)s
backend = %(postfix_backend)s
[DEFAULT]
bantime.increment = true
bantime.rndtime = 60
bantime.maxtime = 2592000
bantime.factor = 2
bantime.formula = ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)
bantime.multipliers = 1 5 30 60 300 720 1440 2880
bantime.overalljails = false
ignoreself = true
ignorecommand =
bantime = 60m
findtime = 10m
maxretry = 5
maxmatches = %(maxretry)s
For f2b-docker container:
2020-07-23 21:08:29,136 fail2ban.filter [1]: INFO [postfix] Found 185.222.58.118 - 2020-07-23 21:08:29
2020-07-23 21:08:29,280 fail2ban.actions [1]: NOTICE [postfix] Ban 185.222.58.118
2020-07-23 21:08:29,288 fail2ban.utils [1]: ERROR 7f504a1da9f0 -- exec: iptables -w -N f2b-postfix
iptables -w -A f2b-postfix -j RETURN
iptables -w -I DOCKER-USER -p tcp -m multiport --dports smtp,465,submission -j f2b-postfix
2020-07-23 21:08:29,289 fail2ban.utils [1]: ERROR 7f504a1da9f0 -- stderr: 'iptables: Chain already exists.'
2020-07-23 21:08:29,289 fail2ban.utils [1]: ERROR 7f504a1da9f0 -- stderr: 'iptables: No chain/target/match by that name.'
2020-07-23 21:08:29,289 fail2ban.utils [1]: ERROR 7f504a1da9f0 -- returned 1
2020-07-23 21:08:29,290 fail2ban.actions [1]: ERROR Failed to execute ban jail 'postfix' action 'iptables-multiport' info 'ActionInfo({'ip': '185.222.58.118', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f504a851dc0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f504a84c4c0>})': Error starting action Jail('postfix')/iptables-multiport: 'Script error'
2020-07-23 21:08:35,738 fail2ban.filter [1]: INFO [postfix] Found 212.70.149.67 - 2020-07-23 21:08:35
Hello people,
I set up Fail2Ban with bitwarden_rs and while it seems to ban the IP in the logs, I can still successfully log in with the correct password. I am using Traefik 1.7 Maroilles as a reverse proxy to access BitwardenRS. What I have tried till now to fix the issue:
Logs:
The IP, I suppose as it's through the Docker network, is different from the "real" one, not sure how to configure it to show it properly (tried with a LAN device as well as mobile data)
2020-07-05 18:32:22,123 fail2ban.filter [1]: INFO [bitwarden] Found myip- 2020-07-05 18:32:22
2020-07-05 18:32:23,456 fail2ban.actions [1]: NOTICE [bitwarden] myip already banned
I'm putting it as an image and not as text, as every time I paste it all the format/composure goes to hell and it's not easily writable.
docker compose file
Any idea what's wrong? Any tip or suggestion would be really helpful as I cannot figure out what's wrong.
update:
After some attempts I see that the loading button is just looping, giving me hope that the IP is banned, but then refreshing the page and entering my normal credentials is giving me access once again. Also I'm making the test with a phone with cellular data and I see that the IP doesn't match the ones in the log, probably because of Docker networking, but still not sure if it's ok. What I tried:
I always restarted the container but none of these seems to work. I also tried to change in the docker compose file the network_mode: "host" to network_mode: "bridge" and tried once again all the 3 above action configurations but still nothing. Traefik the reverse proxy is configured with cloudflare if it can help somehow.
One question please:
Why is it advised to use a second container when banning with iptables the chain DOCKER-USER and INPUT at the same time, as shown here:
https://github.com/crazy-max/docker-fail2ban/blob/master/examples/compose-multi/docker-compose.yml
Wouldn't it be enough to use just one container and extend the used action to just add the second chain to iptables?
Something like this:
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I INPUT -p <protocol> -j f2b-<name>
              <iptables> -I DOCKER-USER -p <protocol> -j f2b-<name>
Thanks for the great image.
While I can manually map my own jail.local and include the ignoreip config setting, I'd rather not do that since you've got everything else working through env vars.
Can we add another env var for ignoreip?
I want to ban an IP after multiple failed login retries on the owncloud container.
The IP that made several errors on the owncloud login must be banned.
docker --version: Docker version 19.03.5, build 633a0ea
docker-compose --version: docker-compose version 1.25.1, build a82fef0
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 10 (buster)
Release: 10
Codename: buster
uname -a: Linux stark 4.19.75-v7l+ #1270 SMP Tue Sep 24 18:51:41 BST 2019 armv7l GNU/Linux
docker-compose.yml, .env, ...
filter.d -> owncloud.conf
failregex={.*Login failed: \'.*\' \(Remote IP: \'<HOST>\'\)"}
ignoreregex =
jail.d -> owncloud.conf
[owncloud]
enabled = true
port = http, https
protocol = tcp
filter = owncloud
maxretry = 3
bantime = 4w
logpath = /var/log/owncloud.log
docker-compose-owncloud.yml
sync_cloud:
  image: owncloud/server:${SYNC_TAG}
  container_name: sync_cloud
  environment:
    - OWNCLOUD_DOMAIN=${SYNC_SERVER_HOSTNAME}
    # DATABASE
    - OWNCLOUD_DB_HOST=sync_db
    - OWNCLOUD_DB_TYPE=mysql
    - OWNCLOUD_DB_NAME=${SYNC_DB_NAME}
    - OWNCLOUD_DB_USERNAME=${SYNC_DB_USER}
    - OWNCLOUD_DB_PASSWORD=${SYNC_DB_PASS}
    # OWNCLOUD Administration
    - OWNCLOUD_ADMIN_USERNAME=${SYNC_ADMIN_USER}
    - OWNCLOUD_ADMIN_PASSWORD=${SYNC_ADMIN_PASS}
    # OWNCLOUD Cache
    - OWNCLOUD_REDIS_HOST=sync_cache
    - OWNCLOUD_REDIS_ENABLED=true
    # OWNCLOUD Log
    - OWNCLOUD_LOG_LEVEL=2
  volumes:
    - ${SYNC_SYNC_FOLDER}:/mnt/data
    - ${SYNC_LOG}:/mnt/data/files/owncloud.log
  labels:
    # SYNC HTTP
    - "traefik.enable=true"
    - "traefik.http.routers.sync.rule=Host(`${SYNC_SERVER_HOSTNAME}`)"
    - "traefik.http.routers.sync.entrypoints=http"
    - "traefik.http.services.sync.loadbalancer.server.port=8080"
    - "traefik.http.routers.sync.middlewares=redirect-to-https"
    # SYNC HTTPS
    - "traefik.http.routers.sync-https.rule=Host(`${SYNC_SERVER_HOSTNAME}`)"
    - "traefik.http.routers.sync-https.entrypoints=https"
    - "traefik.http.routers.sync-https.tls=true"
    - "traefik.http.routers.sync-https.tls.certresolver=eastwatch"
  networks:
    - web
docker-network web
docker_network:
  name: web
  driver: bridge
  ipam_config:
    - subnet: 172.19.0.0/16
      gateway: 172.19.0.1
  driver_options:
    com.docker.network.bridge.default_bridge: false
    com.docker.network.bridge.enable_icc: true
    com.docker.network.bridge.enable_ip_masquerade: true
    com.docker.network.bridge.host_binding_ipv4: 0.0.0.0
    com.docker.network.bridge.name: docker1
    com.docker.network.bridge.mtu: 1500
docker-compose-traefik.yml
reverse-proxy:
  image: traefik:${REVERSE_PROXY_TAG}
  container_name: reverse-proxy
  ports:
    - 443:443
    - 80:80
    - 8080:8080
  environment:
    - TZ=${TIMEZONE}
  volumes:
    - ${REVERSE_PROXY_STATIC_CONFIG}:/etc/traefik/traefik.toml
    - ${REVERSE_PROXY_DYNAMIC_CONFIG}:/etc/traefik/services.toml
    - ${REVERSE_PROXY_LETSENCRYPT_FOLDER}:/letsencrypt
    - ${DOCKER_VOLUME_SOCK}:/var/run/docker.sock:ro
    - ${REVERSE_PROXY_LOG}:/var/log
  labels:
    # DASHBOARD
    - "traefik.http.routers.api.rule=Host(`${API_TRAEFIK_HOSTNAME}`)"
    - "traefik.http.routers.api.service=api@internal"
    - "traefik.http.routers.api.entrypoints=http"
    - "traefik.http.routers.api.middlewares=auth"
    - "traefik.http.middlewares.auth.basicauth.users=${REVERSE_PROXY_DASHBOARD_USER}:${REVERSE_PROXY_DASHBOARD_PASS}"
    # MIDDLEWARES
    - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    # KINGSLANDING HTTP
    - "traefik.http.routers.kingslanding.rule=Host(`${KINGSLANDING_HOSTNAME}`)"
    - "traefik.http.routers.kingslanding.service=kingslanding@file"
    - "traefik.http.routers.kingslanding.entrypoints=http"
    # NETGEAR HTTP
    - "traefik.http.routers.netgear.rule=Host(`${NETGEAR_ROUTEUR_HOSTNAME}`)"
    - "traefik.http.routers.netgear.service=netgear@file"
    - "traefik.http.routers.netgear.entrypoints=http"
    # LIVEBOX HTTP
    - "traefik.http.routers.livebox.rule=Host(`${LIVEBOX_ROUTEUR_HOSTNAME}`)"
    - "traefik.http.routers.livebox.service=livebox@file"
    - "traefik.http.routers.livebox.entrypoints=http"
    # BITTORENT HTTP
    - "traefik.http.routers.bittorent.rule=Host(`${BITTORENT_HOSTNAME}`)"
    - "traefik.http.routers.bittorent.service=bittorent@file"
    - "traefik.http.routers.bittorent.entrypoints=http"
    # MEDIA LIBRARY HTTP
    - "traefik.http.routers.media-library.rule=Host(`${MEDIA_LIBRARY_HOSTNAME}`)"
    - "traefik.http.routers.media-library.service=media-library@file"
    - "traefik.http.routers.media-library.entrypoints=http"
    # DNS-SERVER HTTP
    - "traefik.http.routers.dns-server.rule=Host(`${DNS_SERVER_HOSTNAME}`)"
    - "traefik.http.routers.dns-server.service=dns-server@file"
    - "traefik.http.routers.dns-server.entrypoints=http"
  networks:
    - web
docker-compose-fail2ban.yml
fail2ban-docker:
  image: crazymax/fail2ban:${FAIL2BAN_TAG}
  container_name: fail2ban-docker
  environment:
    - F2B_LOG_TARGET=STDOUT
    - F2B_LOG_LEVEL=DEBUG
    - F2B_DB_PURGE_AGE=1d
    - TZ=${TIMEZONE}
    - F2B_IPTABLES_CHAIN=DOCKER-USER
  volumes:
    - ${FAIL2BAN_DOCKER_FOLDER_DATA_FILTER}:/data/filter.d
    - ${FAIL2BAN_DOCKER_FOLDER_DATA_JAIL}:/data/jail.d
    # - ${FAIL2BAN_DATA_DB}:/data/db
    - ${FAIL2BAN_FOLDER_SCRAP_LOG}:/var/log:ro
  cap_add:
    - NET_ADMIN
    - NET_RAW
  network_mode: host
  restart: always
Client:
Debug Mode: false
Server:
Containers: 8
Running: 8
Paused: 0
Stopped: 0
Images: 7
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.75-v7l+
Operating System: Raspbian GNU/Linux 10 (buster)
OSType: linux
Architecture: armv7l
CPUs: 4
Total Memory: 3.863GiB
Name: stark
ID: HJOH:HX4T:DJYE:GDHO:NWXL:SFQN:57ST:KI56:ICFU:ZTWL:3UUH:RBEE
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
2020-06-20 15:13:01,586 fail2ban.observer [1]: DEBUG [owncloud] Observer: ban found 80.214.214.116, 2419200
2020-06-20 15:13:01,618 fail2ban.utils [1]: ERROR b6597bd0 -- exec: iptables -w -N f2b-owncloud iptables -w -A f2b-owncloud -j RETURN iptables -w -I DOCKER-USER -p tcp -m multiport --dports http, https -j f2b-owncloud
2020-06-20 15:13:01,618 fail2ban.utils [1]: ERROR b6597bd0 -- stderr: 'iptables: Chain already exists.'
2020-06-20 15:13:01,619 fail2ban.utils [1]: ERROR b6597bd0 -- stderr: "iptables v1.8.3 (legacy): invalid port/service `' specified"
2020-06-20 15:13:01,619 fail2ban.utils [1]: ERROR b6597bd0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2020-06-20 15:13:01,619 fail2ban.utils [1]: ERROR b6597bd0 -- returned 2
2020-06-20 15:13:01,620 fail2ban.actions [1]: ERROR Failed to execute ban jail 'owncloud' action 'iptables-multiport' info 'ActionInfo({'ip': '80.214.214.116', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xb65bb220>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xb65bb580>})': Error starting action Jail('owncloud')/iptables-multiport: 'Script error'
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/fail2ban/server/actions.py", line 482, in __checkBan
action.ban(aInfo)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 548, in ban
self._start(family, forceStart=True)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 529, in _start
ret = self._executeOperation('<actionstart>', 'starting', family=family, afterExec=_started)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 462, in _executeOperation
raise RuntimeError("Error %s action %s/%s: %r" % (operation, self._jail, self._name, err))
RuntimeError: Error starting action Jail('owncloud')/iptables-multiport: 'Script error'
Bitwarden + f2b
Docker compose file:
# Fail2Ban - Intrusion prevention vs brute force attacks
fail2ban:
  image: crazymax/fail2ban
  container_name: Fail2ban
  network_mode: "host"
  cap_add:
    - NET_ADMIN
    - NET_RAW
  privileged: true
  volumes:
    - $USERDIR/Fail2ban:/data
    - /var/log:/var/log:ro
    - /etc/localtime:/etc/localtime:ro
    - $USERDIR/Traefik/traefik.log:/traefik.log:ro
    - $USERDIR/Bitwarden/Data/bitwarden.log:/bitwarden.log:ro
    - $USERDIR/Authelia/authelia.log:/authelia.log:ro
  restart: always
  environment:
    - TZ=$TZ
    - SSMTP_HOST=$BW_SMTP_HOST
    - SSMTP_PORT=$BW_SMTP_PORT
    - SSMTP_USER=$BW_SMTP_USERNAME
    - SSMTP_PASSWORD=$BW_SMTP_PASSWORD
    - SSMTP_TLS=YES
    - F2B_LOG_TARGET=/data/fail2ban.log
    - F2B_LOG_LEVEL=INFO
Bitwarden log:
today at 10:30 PM [2020-09-05 22:30:14.258][error][ERROR] Username or password is incorrect. Try again. IP: 148.252.132.248. Username: [email protected].
today at 10:30 PM [2020-09-05 22:30:22.462][error][ERROR] Username or password is incorrect. Try again. IP: 148.252.132.248. Username: [email protected].
today at 10:30 PM [2020-09-05 22:30:24.183][error][ERROR] Username or password is incorrect. Try again. IP: 148.252.132.248. Username: [email protected].
today at 10:30 PM [2020-09-05 22:30:25.533][error][ERROR] Username or password is incorrect. Try again. IP: 148.252.132.248. Username: [email protected].
today at 10:30 PM [2020-09-05 22:30:26.683][error][ERROR] Username or password is incorrect. Try again. IP: 148.252.132.248. Username: [email protected].
F2B Log:
today at 10:26 PM Setting timezone to Europe/London...
today at 10:26 PM ln: /etc/localtime: File exists
today at 10:26 PM Setting SSMTP configuration...
today at 10:26 PM Initializing files and folders...
today at 10:26 PM Setting Fail2ban configuration...
today at 10:26 PM Checking for custom actions in /data/action.d...
today at 10:26 PM Checking for custom filters in /data/filter.d...
today at 10:26 PM Add custom filter authelia.conf...
today at 10:26 PM Add custom filter bitwarden-admin.conf...
today at 10:26 PM WARNING: bitwarden.conf already exists and will be overriden
today at 10:26 PM Add custom filter bitwarden.conf...
today at 10:26 PM WARNING: traefik-auth.conf already exists and will be overriden
today at 10:26 PM Add custom filter traefik-auth.conf...
today at 10:26 PM Add custom filter traefik-botsearch.conf...
today at 10:26 PM 2020-09-05 22:26:38,592 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,593 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
today at 10:26 PM 2020-09-05 22:26:38,594 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
today at 10:26 PM 2020-09-05 22:26:38,594 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock
today at 10:26 PM 2020-09-05 22:26:38,594 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [DEBUG] logging to /data/fail2ban.log
today at 10:26 PM 2020-09-05 22:26:38,597 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,597 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf']
today at 10:26 PM 2020-09-05 22:26:38,607 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
today at 10:26 PM 2020-09-05 22:26:38,607 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf']
today at 10:26 PM 2020-09-05 22:26:38,608 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
today at 10:26 PM 2020-09-05 22:26:38,609 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/authelia.conf']
today at 10:26 PM 2020-09-05 22:26:38,611 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/bitwarden.conf']
today at 10:26 PM 2020-09-05 22:26:38,612 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/traefik.conf']
today at 10:26 PM 2020-09-05 22:26:38,612 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/authelia.conf', '/etc/fail2ban/jail.d/bitwarden.conf', '/etc/fail2ban/jail.d/traefik.conf']
today at 10:26 PM 2020-09-05 22:26:38,620 fail2ban.configreader [1]: INFO Loading configs for filter.d/bitwarden under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,620 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/bitwarden.conf']
today at 10:26 PM 2020-09-05 22:26:38,621 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
today at 10:26 PM 2020-09-05 22:26:38,622 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
today at 10:26 PM 2020-09-05 22:26:38,622 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/bitwarden.conf']
today at 10:26 PM 2020-09-05 22:26:38,624 fail2ban.configreader [1]: INFO Loading configs for action.d/iptables-allports under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,624 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-allports.conf']
today at 10:26 PM 2020-09-05 22:26:38,625 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
today at 10:26 PM 2020-09-05 22:26:38,626 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
today at 10:26 PM 2020-09-05 22:26:38,626 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
today at 10:26 PM 2020-09-05 22:26:38,626 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-allports.conf']
today at 10:26 PM 2020-09-05 22:26:38,628 fail2ban.configreader [1]: INFO Loading configs for filter.d/traefik-auth under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,628 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/traefik-auth.conf']
today at 10:26 PM 2020-09-05 22:26:38,629 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/traefik-auth.conf']
today at 10:26 PM 2020-09-05 22:26:38,631 fail2ban.configreader [1]: INFO Loading configs for filter.d/authelia under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,632 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/authelia.conf']
today at 10:26 PM 2020-09-05 22:26:38,633 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/authelia.conf']
today at 10:26 PM 2020-09-05 22:26:38,635 fail2ban.configreader [1]: INFO Loading configs for filter.d/traefik-botsearch under /etc/fail2ban
today at 10:26 PM 2020-09-05 22:26:38,636 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/traefik-botsearch.conf']
today at 10:26 PM 2020-09-05 22:26:38,637 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/botsearch-common.conf']
today at 10:26 PM 2020-09-05 22:26:38,637 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/botsearch-common.conf', '/etc/fail2ban/filter.d/traefik-botsearch.conf']
today at 10:26 PM Server ready
Jail.d/Bitwarden.conf
[DEFAULT]
ignoreip = 127.0.01/8 192.168.0.0.22
bantime = 3600
findtime = 3600
maxretry = 3
action = iptables-allports[name=bitwarden, DOCKER]
[bitwarden]
enabled = true
port = 80,443,8089,3012
filter = bitwarden
#action = iptables-allports[name=bitwarden, DOCKER-USER]
action = iptables-allports[name=bitwarden, chain=DOCKER-USER]
#action = iptables-allports[name=bitwarden]
#chain = DOCKER-USER
logpath = /bitwarden.log
#maxretry = 3
#bantime = 3600
#findtime = 3600
[bitwarden-admin]
enabled = false
port = 80,443,8081
filter = bitwarden-admin
##action = iptables-allports[name=bitwarden, chain=forward]
action = iptables-allports[name=bitwarden, DOCKER-USER]
#action = iptables-allports[name=bitwarden]
#chain = DOCKER-USER
logpath = /bitwarden.log
#maxretry = 3
#bantime = 3600
#findtime = 3600
filter.d/bitwarden.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =
IPTables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.22.0.108 tcp dpt:ttat3lb
ACCEPT tcp -- anywhere 172.22.0.101 tcp dpt:cslistener
ACCEPT tcp -- anywhere 172.22.0.109 tcp dpt:8089
ACCEPT tcp -- anywhere 172.22.0.109 tcp dpt:twsdss
ACCEPT tcp -- anywhere 172.22.0.107 tcp dpt:intermapper
ACCEPT tcp -- anywhere 172.22.0.103 tcp dpt:webcache
ACCEPT tcp -- anywhere 172.22.0.102 tcp dpt:webcache
ACCEPT tcp -- anywhere 172.22.0.111 tcp dpt:31337
ACCEPT tcp -- anywhere 172.33.0.4 tcp dpt:hbci
ACCEPT tcp -- anywhere 172.22.0.105 tcp dpt:sunwebadmins
ACCEPT tcp -- anywhere 172.22.0.106 tcp dpt:owms
ACCEPT tcp -- anywhere 172.22.0.104 tcp dpt:5076
ACCEPT tcp -- anywhere 172.22.0.114 tcp dpt:tproxy
ACCEPT tcp -- anywhere 172.22.0.114 tcp dpt:webcache
ACCEPT tcp -- anywhere 172.22.0.114 tcp dpt:https
ACCEPT tcp -- anywhere 172.22.0.114 tcp dpt:http
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
f2b-bitwarden tcp -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain f2b-bitwarden (1 references)
target prot opt source destination
REJECT all -- 148.252.132.248 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
IP should be banned
IP is added to IPtables, but still has access
docker --version: Docker version 19.03.5, build 633a0ea838
docker-compose --version: docker-compose version 1.24.1, build 4667896
uname -a:
docker-compose.yml, .env, ...
Client:
Debug Mode: false
Server:
Containers: 29
Running: 28
Paused: 0
Stopped: 1
Images: 30
Server Version: 19.03.5
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.19-100.fc27.x86_64
Operating System: Fedora 27 (Twenty Seven)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.37GiB
Name: HDA
ID: Q4JX:I4DV:JYBQ:V35U:7SZG:FIQG:RPJR:5VGZ:TTSC:P5W3:EFBG:IYAJ
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: modem7
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
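A lint for two values in the jail files quoted above, as an added example that is not code from the posts or from the image: the owncloud jail's `port = http, https`, which the log shows reaching iptables as `--dports http, https` and failing with "invalid port/service", and the `ignoreip` entries in the Bitwarden `[DEFAULT]` section, which do not parse as IP addresses or CIDR networks. The function names and the trimmed config strings are constructed for this example.

```python
import configparser
import ipaddress

# Constructed: trimmed copies of the two jail files quoted on this page.
OWNCLOUD_JAIL = """\
[owncloud]
enabled = true
port = http, https
protocol = tcp
filter = owncloud
logpath = /var/log/owncloud.log
"""

BITWARDEN_JAIL = """\
[DEFAULT]
ignoreip = 127.0.01/8 192.168.0.0.22
bantime = 3600

[bitwarden]
enabled = true
port = 80,443,8089,3012
filter = bitwarden
logpath = /bitwarden.log
"""


def check_port(value):
    """Problems with a jail 'port' value once it is pasted after --dports."""
    problems = []
    words = value.split()
    if len(words) > 1:
        # The action runs as a shell command line, so whitespace ends the
        # --dports argument and the rest becomes stray arguments.
        problems.append(f"whitespace splits {value!r} into {words}")
    first = words[0] if words else ""
    if any(not item for item in first.split(",")):
        problems.append(f"--dports would receive {first!r}, which has an empty entry")
    return problems


def check_ignoreip(value):
    """Entries that are neither an IP address nor a CIDR network."""
    # fail2ban also accepts DNS host names here, so a hit is a prompt to
    # check for a typo rather than proof of an error.
    problems = []
    for entry in value.replace(",", " ").split():
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"{entry!r} is not an IP address or CIDR network")
    return problems


CHECKS = {"port": check_port, "ignoreip": check_ignoreip}


def lint_jail(text):
    """Return (section, option, message) tuples for one jail file."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    defaults = dict(parser.defaults())
    scopes = [("DEFAULT", defaults)]
    for name in parser.sections():
        # Report inherited [DEFAULT] values once, not again per jail.
        own = {k: v for k, v in parser.items(name) if defaults.get(k) != v}
        scopes.append((name, own))
    findings = []
    for name, options in scopes:
        for option, checker in CHECKS.items():
            if option in options:
                findings += [(name, option, msg) for msg in checker(options[option])]
    return findings


if __name__ == "__main__":
    for jail in (OWNCLOUD_JAIL, BITWARDEN_JAIL):
        for section, option, message in lint_jail(jail):
            print(f"[{section}] {option}: {message}")
```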