Jdiesel 1113 Posted November 6, 2017 Share Posted November 6, 2017 I was curios about setting up fail2ban on my server as an added layer off protection but have a few questions. Do I need to run a reverse proxy with apache to use it? Can I also use it to monitoring ssh attempts? Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted November 6, 2017 Share Posted November 6, 2017 I was curios about setting up fail2ban on my server as an added layer off protection but have a few questions. Do I need to run a reverse proxy with apache to use it? Can I also use it to monitoring ssh attempts? You need a proxy, whether apache or nginx. It monitors the access log of the web server to determine what to ban. Yes, it works with sshd. And once it's set up, you'll be shocked at the amount of activity on that port. I'm banning constantly. Link to comment Share on other sites More sharing options...
Swynol 375 Posted November 6, 2017 Share Posted November 6, 2017 any way to view IP connections with nginx? Link to comment Share on other sites More sharing options...
horstepipe 356 Posted March 19, 2018 Share Posted March 19, 2018 Hey would anybody be so kind and share his/her fail2ban config for Emby Server behind nginx? Link to comment Share on other sites More sharing options...
all4dom 73 Posted March 19, 2018 Share Posted March 19, 2018 So if I understand this correctly, fail2ban will tell me if there attempts to log into my system by anyone or anything? Link to comment Share on other sites More sharing options...
dcrdev 251 Posted March 19, 2018 Share Posted March 19, 2018 So if I understand this correctly, fail2ban will tell me if there attempts to log into my system by anyone or anything? Not only that - it will actively block them. @ OP - I'd post my config, but I'm using Apache and not nginx. Link to comment Share on other sites More sharing options...
chef 3745 Posted March 19, 2018 Share Posted March 19, 2018 Will this work with Caddy? Link to comment Share on other sites More sharing options...
dcrdev 251 Posted March 19, 2018 Share Posted March 19, 2018 (edited) Will this work with Caddy? If it produces log files and you're handy with regular expression then yes! Edited March 19, 2018 by dcrdev Link to comment Share on other sites More sharing options...
CBers 6766 Posted March 19, 2018 Share Posted March 19, 2018 So "wail2ban" is the Windows equivalent. How does it know legitimate connections from bad ones? Link to comment Share on other sites More sharing options...
dcrdev 251 Posted March 19, 2018 Share Posted March 19, 2018 So "wail2ban" is the Windows equivalent. How does it know legitimate connections from bad ones? It looks for patterns from certain ip addresses based on the requests and also in some cases the response code delivered from the server i.e. unauthorised responses. Link to comment Share on other sites More sharing options...
CBers 6766 Posted March 19, 2018 Share Posted March 19, 2018 It looks for patterns from certain ip addresses based on the requests and also in some cases the response code delivered from the server i.e. unauthorised responses. So is it fully automatic? Can you whitelist IP addresses? Link to comment Share on other sites More sharing options...
Jdiesel 1113 Posted March 19, 2018 Author Share Posted March 19, 2018 So is it fully automatic? Can you whitelist IP addresses? For some services like SSH it is pretty much good to go out of the box. For services like Emby you would need to create your own jail so it knows what to look for in the logfiles. As of right now it takes a fair amount of setup. Once running it is automated. For example on my server after 3 failed SSH login attempts a temporary rule is added to my firewall to block that IP address for 60 minutes. After 60 minutes the rule is removed. 1 Link to comment Share on other sites More sharing options...
Guest asrequested Posted March 19, 2018 Share Posted March 19, 2018 If I ever get the Unifi app server, I'd like to try running that on it. Can it run as standalone, or does it need to be intergrated with a proxy? Link to comment Share on other sites More sharing options...
Jdiesel 1113 Posted March 19, 2018 Author Share Posted March 19, 2018 If I ever get the Unifi app server, I'd like to try running that on it. Can it run as standalone, or does it need to be intergrated with a proxy? I don't believe it needs to be run with a proxy but it would likely make things much easier as you aren't starting from scratch. As far as I know you can point it at any log file granted you have configured the jail to parse the logfile correctly. Link to comment Share on other sites More sharing options...
Guest asrequested Posted March 19, 2018 Share Posted March 19, 2018 So it sounds like I can use it with the Unifi controller logs? I really want to get that app server. So that'll be something I'll look at. Link to comment Share on other sites More sharing options...
CBers 6766 Posted March 19, 2018 Share Posted March 19, 2018 I don't believe it needs to be run with a proxy but it would likely make things much easier as you aren't starting from scratch. As far as I know you can point it at any log file granted you have configured the jail to parse the logfile correctly. So just point it at the nginx log? Link to comment Share on other sites More sharing options...
dcrdev 251 Posted March 19, 2018 Share Posted March 19, 2018 So just point it at the nginx log? Yep. 1 Link to comment Share on other sites More sharing options...
CBers 6766 Posted March 19, 2018 Share Posted March 19, 2018 So "wail2ban" is the Windows equivalent. Doesn't look like "wail2ban" is maintained any longer. https://github.com/glasnt/wail2ban Link to comment Share on other sites More sharing options...
Guest asrequested Posted March 19, 2018 Share Posted March 19, 2018 The Unifi app server is run on Ubuntu. That's why I'm interested in this. Having said that, the Unifi controller now has the IPS, which should be pretty much the same thing. So by the time I get it, fail2ban may be redundant. Link to comment Share on other sites More sharing options...
Luke 36999 Posted March 29, 2018 Share Posted March 29, 2018 This may help with fail2ban: https://emby.media/community/index.php?/topic/57525-33111-log-file-rotation Link to comment Share on other sites More sharing options...
PrincessClevage 173 Posted January 2, 2019 Share Posted January 2, 2019 Would any one be able to point me to a guid to setup wail2ban on win10 please? I have the out of the box running but that only monitors for failed attempts to rdp and sql sessions. Do I modify the config file to look at the emby log directory and a line for auth failed attempts? Link to comment Share on other sites More sharing options...
rbjtech 4220 Posted January 5, 2019 Share Posted January 5, 2019 Would any one be able to point me to a guid to setup wail2ban on win10 please? I have the out of the box running but that only monitors for failed attempts to rdp and sql sessions. Do I modify the config file to look at the emby log directory and a line for auth failed attempts? From my limited powershell script skills - I believe wail2ban.ps1 is only setup to read from the Windows Event Log entries - I see no ps script for reading external log files such as embyserver.txt - thus without modification, I don't think wail2ban will work with emby. Ideally I would like Emby to log system events to the Windows Event log - but I think that is a big undertaking for the Emby team and probably not a priority for them .. Link to comment Share on other sites More sharing options...
mastrmind11 717 Posted January 5, 2019 Share Posted January 5, 2019 i can't see how logging to the event log is a big undertaking. if C# is anything like any other non-.net programming language, you choose your logger based on the environment. Link to comment Share on other sites More sharing options...
silver_2000 3 Posted February 12, 2019 Share Posted February 12, 2019 Ive got fail2ban running on synology Now trying to figure out how to point fail2ban to the emby logs Link to comment Share on other sites More sharing options...
silver_2000 3 Posted February 12, 2019 Share Posted February 12, 2019 Ok I found it , just add this to jail.local [emby] enabled = true port = 8920,8096 logpath =/var/packages/EmbyServer/target/var/logs/embyserver.txt This is VERY cool, thanks to the community for putting this together. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now