search

SynoCommunity / spksrc

Cross compilation framework to create native packages for the Synology's NAS
https://synocommunity.com
Other
3.01k stars 1.23k forks source link

[Package Request] fail2ban #5491

Open lordvandal opened 1 year ago

lordvandal commented 1 year ago

Software Name

fail2ban

Brief Description

Fail2ban scans log files (e.g. _/var/log/apache/errorlog) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

Website

https://www.fail2ban.org/

Documentation

https://fail2ban.readthedocs.io

Build/Installation documentation

https://github.com/fail2ban/fail2ban#installation Additionally https://github.com/sosandroid/docker-fail2ban-synology -> specifically from there, iptables REJECT blocktype is not supported and must be switched to DROP

Source code

https://github.com/fail2ban/fail2ban

OpenSource License

GPLv2

Other License

No response

hgy59 commented 1 year ago

As shown in #1365 it is not possible to add fail2ban to DSM as it has it's own custom implementation.

So what do you expect? The linked docker-fail2ban-synology shows a solution to use a fail2ban docker container to watch the traffic of another container (bitwarden_rs).

It is not possible to use fail2ban for DSM services and for all other services (SynoCommunity packages) I do not recommend to make those available from the internet, but using a VPN.

lordvandal commented 1 year ago

Hi @hgy59,

Thank you for your quick response.

Regarding #1365, it is actually possible to add fail2ban to DSM, as it has been done before. There is a version of it on community package hub named fail2ban4s. I have it installed on DSM 6.2 and using it for some time now, and I'm reluctant to upgrade to DSM 7.x because I will loose fail2ban.

The docker container solution is only for containers, and it's insufficient for other services. I'm actually using fail2ban to protect DSM services, mainly postfix, VPN (IPsec and openvpn), nginx (for Photo Station), ssh, DSM web UI, and to filter connection attempts with non-existent or empty usernames.

Unfortunately I'm not skilled enough to modify/adapt the fail2ban4s package to work with DSM 7, and it would be very useful to many people, as Synology's Auto Block feature is very limited, with logs full of various attempts completely ignored by Auto Block.

Thanks, lordvandal

hgy59 commented 1 year ago

The fail2ban4s is from

I found a package that runs with root privileges on DSM 7, by manually updating the privilege resource file after installation (this has to be done after installation and after each update, but it seems to be working).

just collection some information