Interworx Managed Fail2Ban

marco114 · July 31, 2020, 6:08am

I’d love it if Interworx would Implement Fail2Ban and have selectable rules.

I have written some qmail rules for Fail2Ban, but we need many others like Webmail, MySQL, ProFTPd, SFTP, even Apache Rules for various bots.

If anyone wants to contribute or make them better, please feel free. Maybe even a plugin!

d2d4j · July 31, 2020, 10:44am

Hi Marco114

Kudos to you. Its great to see other devs posting

You maybe interested in configservers CSF and CSX for interworx. CSF is free (Kudos to configservers) but CSX does cost a little. However, very much worth the cost and both work lovely. We use it on our production servers and it saves so much time.

Many thanks

John

https://www.configserver.com/cp/csf.html

https://www.configserver.com/cp/cxs.html

marco114 · July 31, 2020, 10:50am

That looks amazing… Thanks for the link!

sysnop · August 5, 2020, 7:49am

Much appreciated! I’ve never been able to get a variety of Qmail filters to work so it’s good to know about yours. I’m not a fan of Fail2ban but sometimes I’ll use it anyway.

The 0.11 branch of Fail2ban from EPEL comes with lots of preset filters that include services you mentioned. sshd always works where as others may need tweaking. Most Apache jails should work straight away if log paths are right.

mdeinhardt · September 9, 2020, 11:33am

Fail2ban has been on my todo-list for so long, this is a great incentive to do it. Thanks for posting your rules, marco114.

John, CSF sounds great too. They are writing “UI Integration for InterWorx” in the description, is that true resp. how does this work?
Does it come with pre-configured rules? Or is securing everything basically the same work as with fail2ban, but with a GUI?

Cheers,
Michael

d2d4j · September 9, 2020, 1:42pm

Hi Michael

Many thanks. CSF works lovely and has a gui (for most settings) so is easy to configure. There is an awful lot of options though, ports UDP/TCP, IPv4 IPv6 email, interworx, FTP SSH etc failures, maxmind I think is an option as well as country banning etc… DDOS and lots more. There are defaults but you can tweek them as needed and there are a few members using CSF/LFD. Install is a breeze and you can even allow resellers to unblock IP addresses so your not bothered by requests

If your not sure, let me know and I’ll send a 1 User licence to test or as we did first, tested using one of our DNS servers using 1 user licence

There is also CSX, which replaces maldet and has a GUI, works very very well and even deletes files before been able to activate (tested using iecar test files. Well worth the money

If you want to look at one of servers, just let me know and we give you access to a new server nearing production status with CSF and CSX installed

Many thanks

John