PBS und Fail2ban funktioniert nicht.

[achim22]

Nabend, ich möchte von dem PBS das web interface absichern und bin nach diesem HowToo vorgegangen, den Port habe ich auf 8007 geändert!
https://pve.proxmox.com/wiki/Fail2ban


Leider wird die IP, nach 3 Versuchen, nicht für eine Std. gesperrt! Kann es sein das es auf dem PBS nicht geht, sondern nur auf dem PVE ?

root@pbs:~# fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf

Running tests
=============

Use   failregex filter file : proxmox, basedir: /etc/fail2ban
Use         log file : /var/log/daemon.log
Use         encoding : UTF-8


Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1091] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 1091 lines, 0 ignored, 0 matched, 1091 missed
[processed in 0.12 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 1091 lines
root@pbs:~#

unter /var/log/daemon.log sind die Versuche protokoliert.

Mar 21 20:10:49 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.168.178.20]:52022 user=rrrfgAASCAS@pam msg=user account disabled or expired.
Mar 21 20:10:54 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.xxxxxxxxx]:52022 user=rrrfgAASCAS@pam msg=user account disabled or expired.
Mar 21 20:11:05 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.xxxxxxxxx]:52022 user=rrrfgAASCAS@pam msg=user account disabled or expired.
Mar 21 20:11:11 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.xxxxxxxxx]:52022 user=rrrfgAASCAS@pam msg=user account disabled or expired.
Mar 21 20:11:16 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.xxxxxxxxx]:52022 user=rrrfgAASCAS@pam msg=user account disabled or expired.
Mar 21 20:11:32 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.xxxxxxxxx]:52022 user=rrrfgAASCASsaxca<sxc@pam msg=user account disabled or expired.
Mar 21 20:11:40 pbs proxmox-backup-api[1535]: authentication failure; rhost=[::ffff:192.xxxxxxxxx]:52022 user=rrrfgAASCASsaxca<sxc@pam msg=user account disabled or expired.

 

[Matthias.]

That wiki page is only valid for PVE (reason why it's on the "pve" subdomain).
PBS has its own wiki, but we currently have no information on fail2ban there: https://pbs.proxmox.com/wiki/index.php/Main_Page

It shouldn't be too difficult to figure out the rules yourself, and you could try out something like https://github.com/inettgmbh/fail2ban-proxmox-backup-server
No guarantee that it works, just found it on the internet

 

[mhadm]

That works, he forgot the filter line in the github repo

filter.d/pbs-web-aut.conf

[INCLUDES]

before = common.conf

[Definition]

__suffix_failed_login = (AUTH_ERR|invalid credentials|user account disabled or expired).?

failregex = authentication failure; rhost=\[<HOST>\]:\d+ user=.* msg=%(__suffix_failed_login)s

ignoreregex =

jail.d/pbs-web-aut.conf

[pbs-web-aut]
enabled = true
port = https,http,8007
filter = pbs-web-aut
logpath = /var/log/proxmox-backup/api/auth.log
maxretry = 2
bantime = 3600