Fail2ban for Proxmox VE4

How to prevent “brute force” on your proxmox GUI ?

Install fail2ban ( apt-get install fail2ban ) , as this article is about Proxmox VE4 which is Jessie-based, I’m considering you’re using Fail2ban 0.8.x.

Create /etc/fail2ban/jail.local with ;

 ##### PROXMOXVE4: START######
 [proxmox]
 enabled = true
 port = 8006
 filter = proxmox
 logpath = /var/log/daemon.log
 maxretry = 2 # this is paranoid
 bantime = 3600 #1h converted in seconds
 ##### PROXMOXVE4: END######

 

Then create  /etc/fail2ban/filder.d/proxmox.conf

# Fail2Ban proxmox VE4
# https://Cedric.NET
#
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.*msg=.*
ignoreregex =

Save both files, restart fail2ban ( service fail2ban restart ) , and you’re all set.

(This protects the GUI on port 8006 ;  SSH rules are activated by default when you install f2b.)

This should keep curious people away from your server.

If you’re really serious about security, you should activate two factor auth on Proxmox.

By combining

  1. A firewall configuration for proxmox,
  2. Fail2ban to avoid brute force,
  3. Two factor authentication for proxmox.

Yo’ll get a pretty secure Proxmox server with a public IP.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *