Home ยป Configure fail2ban in Proxmox

Configure fail2ban in Proxmox

written by Snaky 0 comment 354 views

First of all, download and install fail2ban by using apt command.

apt install fail2ban

Add a new conf file in fail2ban jail.d folder

nano /etc/fail2ban/jail.d/proxmox.conf

Add below lines

[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600

For me, I updated defaults-debian.conf to enhance the control for ssh.

nano /etc/fail2ban/jail.d/defaults-debian.conf

Update as below.


[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600

Then create a filter for Proxmox.

nano /etc/fail2ban/filter.d/proxmox.conf

Add below lines

[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =

Restart fail2ban

systemctl restart fail2ban

Make a test, such as access pve by browser and provide incorrect username password, and make a ssh connection for incorrect user password.

Then run below command to see if failed count update or not.

fail2ban-client status sshd
fail2ban-client status proxmox

Refer
https://pve.proxmox.com/wiki/Fail2ban
https://www.linode.com/docs/guides/how-to-use-fail2ban-for-ssh-brute-force-protection/

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.