Fail2ban configuration

Hello.

I’m pretty new to this whole HA setup thing and am playing a bit around with it.

The thing now is that the setup grows a bit with every new thing I add to it (duh :roll_eyes:) and with that gets more insecure.

Then I found fail2ban.
And was thinking… not that secure. But a layer to harden my HA a bit.

So I tried to add it.

But… How do I set it up properly?
Right now I have added it in my configuration file and ssh.

But how do I add more of my stuff?
How do I find the proper name to add to the list?

Sorry, but your questions are absolutely unclear.

Fail2Ban is a daemon which runs in the backend and analyzes log files. These can be ssh logs for brute-force attacks, but that is in fact useless when using keys. It can also interact with the logs of apache, nginx and stuff.

In fact Fail2Ban interacts with iptables and blocks IPs if, for example, someone tried to brute-force your login on application xyz.

So what do you want to achieve?

My mistake.

I don’t know if I understand it correctly or misunderstood the whole concept.

But as I understand it, it is a background service that keeps an eye on failed login attempts on my HA and blocks login attempts from the IP address for some time.

If that is the case, I have a few things I wish it to keep an eye on.

Like the HA login, ssh and bitwarden.

I have tried to set fail2ban up for some time now and I can’t get it to work.

My setup is

sensor:
  - platform: fail2ban
    file_path: /config/fail2ban.log
    jails:
      - ssh
      - hass-iptables

And I have created an empty file called fail2ban.log in my config folder.

But no matter how many failed login attempts I make, it does not block my attempts…
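Added example, not part of the thread and not Home Assistant's or fail2ban's own code: the sensor configuration above only reports bans that a running fail2ban daemon has already written to the log file, so the same reading can be reproduced by parsing that log for the listed jails. The log lines are constructed and assume fail2ban's default log layout; `current_bans` is a hypothetical helper name.

```python
import re

# Constructed sample in fail2ban's default log layout (assumption);
# the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2024-01-10 08:15:02,114 fail2ban.filter  [812]: INFO    [ssh] Found 203.0.113.7 - 2024-01-10 08:15:01
2024-01-10 08:15:09,530 fail2ban.actions [812]: NOTICE  [ssh] Ban 203.0.113.7
2024-01-10 08:20:41,902 fail2ban.actions [812]: NOTICE  [hass-iptables] Ban 198.51.100.23
2024-01-10 08:25:09,611 fail2ban.actions [812]: NOTICE  [ssh] Unban 203.0.113.7
2024-01-10 09:02:17,045 fail2ban.actions [812]: NOTICE  [nginx] Ban 192.0.2.50
2024-01-10 09:30:00,001 fail2ban.actions [812]: NOTICE  [ssh] Restore Ban 198.51.100.99
"""

# Only lines from fail2ban.actions record a ban decision; filter "Found"
# lines are matches that have not (yet) reached the ban threshold.
EVENT = re.compile(
    r"fail2ban\.actions\s*\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?P<action>(?:Restore )?Ban|Unban)\s+(?P<ip>\S+)"
)


def current_bans(log_text, jails):
    """Replay Ban/Unban events and return the IPs still banned per jail."""
    banned = {jail: set() for jail in jails}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["jail"] not in banned:
            continue  # not a ban event, or a jail that is not being watched
        if m["action"] == "Unban":
            banned[m["jail"]].discard(m["ip"])
        else:  # "Ban" or "Restore Ban" (re-applied after a daemon restart)
            banned[m["jail"]].add(m["ip"])
    return banned


if __name__ == "__main__":
    jails = ["ssh", "hass-iptables"]  # jail names from the sensor config
    for jail, ips in current_bans(SAMPLE_LOG, jails).items():
        print(jail, sorted(ips))
    # An empty log file, as in the setup described, yields no bans at all.
    print(current_bans("", jails))
```

An empty result for every jail means nothing is writing ban events to that file, which is a question about the daemon and its jails rather than about the sensor.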

Hi,

Can you be a little more precise about what you did so far? Have you enabled fail2ban? You have to mv or cp the .conf to .local in /etc/fail2ban.
Have you created the jail for hass? What do the logs of fail2ban say?
etc…

I’m on HASSOS on a Raspberry Pi 3B+.
As I understand it from the official guide, fail2ban should be integrated into the system (maybe I’m wrong), so as I stated, I created the fail2ban.log and pointed to it (the file is empty).

I then created the code above in my configuration file.

I later tried to put the following code in, because I read in another official guide that I needed to implement some HTTP binding, as I will call it.

http:
  server_host: example.domain.org
  server_port: 1234
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ssl_profile: modern
  use_x_forwarded_for: True
  trusted_proxies:
    - 10.0.0.0/24
  cors_allowed_origins:
    - https://www.home-assistant.io
  ip_ban_enabled: true
  login_attempts_threshold: 5

The real host, port and network are altered for the security of my setup.

But that just resulted in me being locked out completely from my Home Assistant.

Well I have no idea about hassOS.

But in fact on a Linux machine you have to install fail2ban yourself and you also need to configure it.

  • check if fail2ban is installed
  • check if the service is running and has a proper configuration
  • check if the jails are properly configured in the configuration of fail2ban

Here is the information I found about the integration in HASSOS

I would better try to follow this: Fail2Ban - Home Assistant

Or at least compare if those settings are already met in your configuration.

What is the output of: sudo fail2ban-client status

The output is

bash: sudo: command not found

But that’s the thing.
I don’t believe that it’s a normal Linux distro or Docker version.

I don’t have sudo commands, and the only folder I can work in is the config folder.
No others show up in my file editor add-ins.

When you are already root you don’t need to use the “sudo”.

But in fact I have no idea how hassOS is built. I use a normal Linux system for my setup, as I have more control over everything. But this is not recommended for beginners, I would say.

I’m not even sure if hassOS is using Docker images for HA and so on, because this would have an even different setup than on fail2ban. Maybe anyone else can tell you more.

I’m not sharp in Linux myself, but I’m not new to it. I have made webservers in CentOS and used Ubuntu and Mint to play around in on client machines.

But the reason for the Pi in this setup is that I had a few lying around that I did not use, stumbled over this fine software, and then started to expand on my smart devices.

Back on topic.

When I look in the supervisor log, there are some lines about Docker.
So maybe there’s a kind of Docker implementation in the software.
But it may be that the structure of the OS isolates parts for security.