Fail2ban uses the log system to detect incoming entries with a regex filter.

You have to use a filter file in the filter.d dir to filter on journald logs 
(or a specific log file) to specify which log entry you want to use to identify 
a Bacula-dir entry, and then link an action.d action to ban the IP in jail.conf.

There are a lot of default filters in the filter.d dir that you can look at for 
similar work using some other daemons.

In jail.conf, activate the filter by adding a [Bacula] section with filter, 
action, etc.

It's not easy to use. Hope it can help.

But allowing only your whitelisted IPs in an iptables rule can be the simplest 
way (or blocking from everywhere).

-----Original Message-----
From: Martin Simmons <mar...@lispworks.com> 
Sent: Tuesday, December 5, 2023 14:18
To: MylesDearBusiness <md...@mpwrware.ca>
Cc: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Any suggestions for fail2ban jail for Bacula 
Director ?

AFAIK, incoming director connections only come from bconsole, monitors and 
clients that use "Client Initiated Backup" or "Client Behind NAT" (Connect To
Director) in bacula-fd.conf.

So maybe you don't need to allow incoming connections from everywhere?

__Martin


>>>>> On Mon, 04 Dec 2023 17:22:29 +0000, MylesDearBusiness via Bacula-users 
>>>>> said:
> 
> Hello,
> 
> I just installed Bacula director on one of my cloud servers.
> 
> I have set the firewall to allow traffic in/out of port 9101 to allow 
> it to be utilized to orchestrate remote backups as well.
> 
> What I want to do is to identify the potential attack surface and 
> create a fail2ban jail configuration.
> 
> Does anybody have an exemplar that I can work with?
> 
> Also, is there a way to simulate a failed login attempt with a tool 
> such as netcat?  I could possibly use PostMan and dig into the REST 
> API spec, but I was hoping the community would be able to shortcut this 
> effort.
> 
> What say you?
> 
> Thanks,
> 
> <Myles>
> 
> 
> 
> 
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 
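
The filter and jail layout described in the top reply, as an added example that is not from the thread or from the Bacula or Fail2ban projects. The failure message in `failregex`, the unit name in `journalmatch` and the addresses in `ignoreip` are assumptions to replace with what your Director actually logs and with your own console and client hosts.

```ini
# ---- /etc/fail2ban/filter.d/bacula-dir.conf ----
[Definition]
# ASSUMPTION: the Director logs a failed console login in this shape.
# Constructed sample line the pattern is written for:
#   bacula-dir: Unable to authenticate console "admin" at client:203.0.113.7:36131.
# The console name is supplied by the connecting client, so it is matched
# as a quoted string and the pattern is anchored at the end of the line;
# text placed in the name then cannot make another address look like the source.
# Check the pattern with fail2ban-regex against real log lines before use.
failregex = ^.*Unable to authenticate console "[^"]*" at \S+:<HOST>:\d+\.?\s*$
ignoreregex =

# Only used with the systemd backend.
# ASSUMPTION: the unit is named bacula-dir.service on this host.
journalmatch = _SYSTEMD_UNIT=bacula-dir.service

# ---- /etc/fail2ban/jail.local (local overrides of jail.conf) ----
[bacula]
enabled   = true
filter    = bacula-dir
# Read from journald. To read a specific log file instead, remove the
# backend line and set logpath to the Director's log file.
backend   = systemd
port      = 9101
protocol  = tcp
# Three failures within ten minutes ban the source for one hour.
maxretry  = 3
findtime  = 10m
bantime   = 1h
# Never ban the hosts that legitimately connect to the Director.
# 192.0.2.10 is a constructed placeholder address.
ignoreip  = 127.0.0.1/8 ::1 192.0.2.10
banaction = iptables-multiport
```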

