Protecting Proxmox VE Against Bruteforce With Fail2ban

Proxmox is a virtualization management solution that allows the deployment of Virtual Machines (KVM) & Containers (LXC Containers).

Protecting Proxmox Login against Brute Force with Fail2ban

In this tutorial, Proxmox VE 4 is used which is Linux Jessie based.

Start by installing fail2ban:

sudo apt-get install fail2ban

Create the jail configuration file:

sudo vi /etc/fail2ban/jail.local
## Starting Proxmox VE 4 ##
# (Don't put comments next to values)
[proxmox]
enabled = true
port = 8006
filter = proxmox
logpath = /var/log/daemon.log
#Ban after 5 wrong retries
maxretry = 5
# Ban for 1 day (in seconds)
bantime = 86400
## END Proxmox VE 4 ##

Create the filter:

sudo vi /etc/fail2ban/filter.d/proxmox.conf
## Proxmox VE4 fail2ban filter
[Definition]
failregex = pvedaemon[.*authentication failure; rhost=<HOST> user=.*msg=.*
ignoreregex =

Restart fail2ban:

systemctl restart fail2ban

Enable fail2ban to start after a reboot:

systemctl enable fail2ban

You can check the fail2ban log in:

sudo vi /var/log/fail2ban.log

Questions, please post them below!

Leave a Reply

Your email address will not be published. Required fields are marked *