Jump to content
  • 0

[Solved] Fail2Ban support?


AdmiralMorketh

Question

Posted

Now this might be a little bit random however once these servers get released in to the wild i would think that having some security systems available would be not only helpful to the community but indeed more secure as well.

from there wiki page

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc.

now i guess my resulting question here is is it possible for MaNGOs to log failed account sign-ins with IP address? if that could be sent to a log file the rest is a little bit of Bash-Fu and some tweaking with iptables to secure a server from attempted exploits and hacking. not really a high priority question more of a bit of rambling and ideas on a whiteboard approach.

3 answers to this question

Recommended Posts

Posted

If you look in the RealmDB, there are already two mechanism's in place to ban players

Tables

Account_banned

and ip_banned

placing entries in these should achieve what you are after

Posted

well that is almost exactly what i was looking for. Fail2Ban is a some what automated system and i think i could rig something to pull down some IP address for my firewall i honestly completly forgot there was a table to help with banning however this doesnt really answer the number of failed log in attempts aspect of the question. Unless there is some sort of option in the server/database/configuration files i have overlooked.

essentialy what im after is a scenario like the following:

user attempts to log in 5 times with wrong password

mangos tells fail2ban about the number of failed logins (this is the part that's pretty unclear to me)

fail2ban adds IP adress and Account names to database (using the unbandate field to automatically unban them)

fail2ban then adds the IP address into the firewall to block the address from contacting the server on every other port in the even they are trying to find exploits

after there ban time expires fail2ban will pull them out of the firewall and the server will remove them from the database

so far adding the Ipaddress and account name is done manualy? or is there an Intrusion Detection System built into Mangos? if there is not an Intrusion Detection system built in how would i go about relaying failed log ins to my IDS of choice? i would rather not add them to my tables by hand in the event the server is under an attack i would not be fast enough in getting them into the ban tables in order to stop an intruder.

Posted

Actualy i found the information while building another test environment

Inside the realmd.conf

WrongPass.MaxCount = 0

WrongPass.BanTime = 600

WrongPass.BanType = 0

After this its just a matter of Bash-Fu.

Id like to mark this as [solved]

not sure how to do that. i don't see an option for it :confused:

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use