Monitoring your fail2ban bans with a web GUI.
Source on GitHub: https://github.com/Sean-Der/fail2rest and https://github.com/Sean-Der/fail2web
While in theory it would be nice to have every network service behind a LAN or certificate, that isn't always possible. Many protocols don't have certificate authentication, and even if they do, maybe your client doesn't support it. So you are left with password authentication, but what happens when someone uses a 4-character password and an attacker is able to guess 1000 times every minute? Seems like a complicated problem, but not with fail2ban! The following description is lifted from the fail2ban documentation.
However, once I installed fail2ban I found myself locking myself out of my servers all the time! I would set up a SIP client to use the wrong password, and would spend way too much time debugging what was wrong! With fail2web, that is all a thing of the past! fail2web is a mobile-first GUI to fail2ban that allows you to view who is currently banned, test regexes and view graphs on past bans.
Even though this tutorial is written for Ubuntu/Debian, it should work on any host that has Golang and fail2ban (all Unixes). You might have to deviate from this tutorial, but it should cover most of it.
First we need to install fail2rest, the daemon that communicates with fail2ban. The backend requires the Go programming language, and git to download it. If you have never used Go before, you can follow this verbatim; adjust as needed if you already have a GOPATH set.
sudo apt-get install golang git gcc
go get github.com/Sean-Der/fail2rest
cd $GOPATH/src/github.com/Sean-Der/fail2rest
sudo -E go run *.go
See the Debian startup script at the end of this page.
If everything worked, this program should just run forever! We will update it to run as a service later, but make sure it is working first. Run
wget -qO- -- "localhost:5000/global/ping"
If that returns "pong", you have a running fail2rest instance!
Next we are going to install fail2web in /var/www/fail2web; later we will access this via Apache.
git clone --depth=1 https://github.com/Sean-Der/fail2web.git /var/www/fail2web
Congrats, you are almost done! You now have all the moving parts; all that is left is to serve it via Apache.
sudo apt-get install apache2 apache2-utils
sudo htpasswd -c /var/www/htpasswd YOUR_USERNAME
sudo a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html
Then, with your text editor of choice, create /etc/apache2/sites-enabled/fail2web.conf with the following content. Make sure to replace fail2web.yourserver.com with your own server name.
<VirtualHost *:80>
    # CHANGE THIS to your own server name
    ServerName fail2web.yourserver.com
    DocumentRoot /var/www/fail2web/web
    <Location />
        AuthType Basic
        AuthName "Restricted"
        AuthBasicProvider file
        AuthUserFile /var/www/htpasswd
        Require valid-user
    </Location>
    ProxyPass /api http://127.0.0.1:5000
</VirtualHost>
Restart Apache!
fail2web should now be accessible via the ServerName you chose above
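A post-install check for the setup above, as an added example that is not part of fail2rest or fail2web: the Basic auth in the Apache vhost is the only access control this tutorial configures, so the port-5000 backend should listen on loopback only and every unauthenticated request through Apache should get a 401. The function names, the sample `ss -ltn` lines and the `--live` switch are constructed for illustration, and the live branch assumes `ss` and `curl` are installed.

```shell
#!/bin/sh
# Added example: post-install check for the fail2web setup in this tutorial.

# Print every listener on PORT that is not bound to loopback.
# Input: `ss -ltn` output on stdin (the header line is ignored).
exposed_listeners() {
    awk -v port="$1" '{
        addr = $4                          # "Local Address:Port" column
        n = split(addr, part, ":")
        if (n < 2 || part[n] != port) next # other port, or the header line
        host = substr(addr, 1, length(addr) - length(part[n]) - 1)
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# Constructed sample: fail2rest reachable only via loopback (good).
sample_private() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5000     0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:15000      0.0.0.0:*
EOF
}

# Constructed sample: fail2rest bound to every interface (bad).
sample_exposed() {
    cat <<'EOF'
LISTEN 0      128    0.0.0.0:5000       0.0.0.0:*
LISTEN 0      128    [::]:5000          [::]:*
LISTEN 0      128    [::1]:5000         [::]:*
EOF
}

# Live check: sh check.sh --live fail2web.yourserver.com
if [ "${1:-}" = "--live" ]; then
    bad=$(ss -ltn | exposed_listeners 5000)
    [ -z "$bad" ] || { echo "fail2rest exposed on: $bad"; exit 1; }
    # Without credentials, both the GUI and the proxied API must answer 401.
    for path in / /api/global/ping; do
        code=$(curl -s -o /dev/null -w '%{http_code}' "http://$2$path")
        [ "$code" = "401" ] || { echo "$path returned $code, expected 401"; exit 1; }
    done
    echo "ok"
fi
```

The vhost above listens on port 80, where Basic auth credentials cross the network base64-encoded but unencrypted, so serve it over TLS before logging in from outside a trusted network.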
#!/bin/sh
# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
fi
### BEGIN INIT INFO
# Provides: fail2rest
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: fail2ban
# Should-Stop: fail2ban
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: fail2rest initscript
# Description: fail2rest is a small
# REST server that aims
# to allow full administration
# of a fail2ban server via HTTP
#
### END INIT INFO
USER="root"
#FIXME your GOPATH
GOPATH="YOUR/GOPATH/Projects/"
WORKDIR="/var/run/fail2ban"
#FIXME path to your fail2rest binary
DAEMON="$GOPATH/bin/fail2rest"
CONFIG="/etc/fail2rest.json"
# Author: Sean DuBois <sean@siobud.com>
#
DESC="fail2ban REST server"
NAME="fail2rest"
case "$1" in
    start)
        echo "Starting $NAME ..."
        if [ -f "$WORKDIR/$NAME.pid" ]
        then
            echo "Already running according to $WORKDIR/$NAME.pid"
            exit 1
        fi
        cd "$WORKDIR"
        export GOPATH="$GOPATH"
        export PATH="/usr/sbin:/usr/bin:/sbin:/bin:$GOPATH/bin"
        # Start the daemon in the background and record the PID of the launched process
        /bin/su -m -l root -c " $DAEMON --config $CONFIG" > "$WORKDIR/$NAME.log" 2>&1 &
        PID=$!
        echo $PID > "$WORKDIR/$NAME.pid"
        echo "Started with pid $PID - Logging to $WORKDIR/$NAME.log" && exit 0
        ;;
    stop)
        echo "Stopping $NAME ..."
        if [ ! -f "$WORKDIR/$NAME.pid" ]
        then
            echo "Already stopped!"
            exit 1
        fi
        PID=`cat "$WORKDIR/$NAME.pid"`
        kill $PID
        rm -f "$WORKDIR/$NAME.pid"
        echo "stopped $NAME" && exit 0
        ;;
    restart)
        $0 stop
        sleep 1
        $0 start
        ;;
    status)
        if [ -f "$WORKDIR/$NAME.pid" ]
        then
            PID=`cat "$WORKDIR/$NAME.pid"`
            # ps prints a line only if the recorded PID is still alive
            if [ "$(/bin/ps --no-headers -p $PID)" ]
            then
                echo "$NAME is running (pid : $PID)" && exit 0
            else
                echo "Pid $PID found in $WORKDIR/$NAME.pid, but not running." && exit 1
            fi
        else
            echo "$NAME is NOT running" && exit 1
        fi
        ;;
    *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|status}" && exit 1
        ;;
esac
exit 0