Saturday, April 29, 2017

Protecting Proxmox VE Against Bruteforce With Fail2ban

Proxmox is a virtualization management solution that allows the deployment of virtual machines (KVM) and containers (LXC).

Protecting Proxmox Login against Brute Force with Fail2ban

This tutorial uses Proxmox VE 4, which is based on Debian Jessie.

Start by installing fail2ban:
sudo apt-get install fail2ban

Create the jail configuration file:
sudo vi /etc/fail2ban/jail.local
## Starting Proxmox VE 4 ##
# (Don't put comments next to values)
# Jail section header; fail2ban will not load the file without one
[proxmox]
enabled = true
port = 8006
filter = proxmox
logpath = /var/log/daemon.log
# Ban after 5 failed login attempts
maxretry = 5
# Ban for 1 day (in seconds)
bantime = 86400
## END Proxmox VE 4 ##

Create the filter:
sudo vi /etc/fail2ban/filter.d/proxmox.conf
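## Proxmox VE4 fail2ban filter
# Filter files need a [Definition] section header
[Definition]
# Match failed logins logged by pvedaemon; <HOST> captures the client address
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.*msg=.*
ignoreregex =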

Restart fail2ban:
systemctl restart fail2ban

Enable fail2ban to start after a reboot:
systemctl enable fail2ban

You can check the fail2ban log in:
sudo vi /var/log/fail2ban.log
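
To see what the filter and the maxretry setting above actually catch, the following added example (not part of the original post, and not fail2ban's own code) applies the same failregex to a few constructed daemon.log lines and lists the addresses that would reach the ban threshold. The IPv4-only replacement for <HOST>, the function names and the sample log lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# failregex copied verbatim from /etc/fail2ban/filter.d/proxmox.conf above
FAILREGEX = r"pvedaemon\[.*authentication failure; rhost=<HOST> user=.*msg=.*"
MAXRETRY = 5  # same threshold as in jail.local

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag,
# which in fail2ban itself also covers IPv6 addresses and hostnames.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def failures_per_host(lines, failregex=FAILREGEX):
    """Count the lines that match the filter, keyed by captured source address."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Addresses whose failure count reaches maxretry (findtime is ignored here)."""
    counts = failures_per_host(lines)
    return sorted(host for host, n in counts.items() if n >= maxretry)


# Constructed daemon.log lines (documentation addresses, made-up PIDs and times)
FAIL = "Apr 29 10:15:0{i} pve pvedaemon[1234]: authentication failure; rhost={ip} user=root@pam msg=Authentication failure"
SAMPLE_LOG = (
    [FAIL.format(i=i, ip="203.0.113.7") for i in range(5)]
    + [FAIL.format(i=i, ip="198.51.100.23") for i in range(2)]
    + [
        # successful GUI login: must not count
        "Apr 29 10:16:00 pve pvedaemon[1234]: <root@pam> successful auth for user 'root@pam'",
        # SSH failure from another daemon: not matched by the pvedaemon filter
        "Apr 29 10:16:05 pve sshd[999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.50  user=root",
    ]
)

if __name__ == "__main__":
    print(dict(failures_per_host(SAMPLE_LOG)))
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

On the Proxmox host itself, the fail2ban-regex tool shipped with fail2ban runs the real filter against the real log: fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf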

Questions, please post them below!