Nothing against fail2ban, which is quite good at mitigating brute force and dictionary attacks against password protection, but for opening Dir to the public internet, I would most definitely suggest looking into using TLS certificates issued by your own private CA instead.

On 4/2/24 19:05, MylesDearBusiness via Bacula-users wrote:
I nailed this.

I created a cron job that, every ten minutes or so, runs "journalctl -u bacula-dir > /opt/bacula/log/bacula-dir-journal.log" (since I opened bacula-dir's firewall port up to the public internet).

I then created a fail2ban jail that scanned for authentication failure patterns and banned (via temporary firewall rules) users who repeatedly failed to log in successfully.

root:/etc/fail2ban/jail.d# cat bacula.conf
[bacula]
enabled  = true
port     = 9101
filter   = bacula
logpath  = /opt/bacula/log/bacula-dir-journal.log
maxretry = 10
findtime = 3600
bantime  = 900
action = iptables-allports

root:/etc/fail2ban/filter.d# cat /etc/fail2ban/filter.d/bacula.conf

# Fail2Ban filter for Bacula Director
[Definition]
failregex = Hello from client:<HOST> is invalid
ignoreregex =

root:/etc/fail2ban/filter.d#

Best,

<Myles>

On 2023-12-04 12:22 p.m., MylesDearBusiness wrote:
Hello,

I just installed Bacula director on one of my cloud servers.

I have set the firewall to allow traffic in/out of port 9101 to allow it to be utilized to orchestrate remote backups as well.

What I want to do is to identify the potential attack surface and create a fail2ban jail configuration.

Does anybody have an exemplar that I can work with?

Also, is there a way to simulate a failed login attempt with a tool such as netcat? I could possibly use Postman and dig into the REST API spec, but I was hoping the community would be able to shortcut this effort.

What say you?

Thanks,

<Myles>



_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
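As an added illustration (not code from the thread or from fail2ban), the Python sketch below replays the jail's counting logic over a constructed log to show when a ban would start and end. The maxretry, findtime and bantime values and the failure text come from the posted config; the IPv4-only host pattern, the timestamp layout and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Jail values and failure text as posted in the thread.
MAXRETRY = 10
FINDTIME = timedelta(seconds=3600)
BANTIME = timedelta(seconds=900)
# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag.
FAILREGEX = re.compile(r"Hello from client:(?P<host>\d{1,3}(?:\.\d{1,3}){3}) is invalid")
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption: constructed timestamp layout

def find_bans(lines):
    """Return (host, ban_start, ban_end) for each host that reaches
    MAXRETRY matching lines within FINDTIME."""
    recent = defaultdict(deque)  # host -> timestamps of failures in the window
    banned_until = {}
    bans = []
    for line in lines:
        match = FAILREGEX.search(line)
        if not match:
            continue
        ts = datetime.strptime(line[:19], TS_FORMAT)
        host = match.group("host")
        if host in banned_until and ts < banned_until[host]:
            continue  # the firewall rule would already be dropping this host
        window = recent[host]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[host] = ts + BANTIME
            bans.append((host, ts, ts + BANTIME))
            window.clear()
    return bans

def sample_log():
    """Constructed lines, not real bacula-dir output."""
    start = datetime(2024, 4, 2, 18, 0, 0)
    def line(offset, host):
        return f"{(start + offset).strftime(TS_FORMAT)} bacula-dir: Hello from client:{host} is invalid"
    noisy = [line(timedelta(minutes=i), "203.0.113.7") for i in range(12)]
    occasional = [line(timedelta(hours=h), "198.51.100.9") for h in range(3)]
    return sorted(noisy + occasional)

if __name__ == "__main__":
    for host, begin, end in find_bans(sample_log()):
        print(f"ban {host} from {begin} until {end}")
```

To check the posted filter against the real log rather than this model, fail2ban ships fail2ban-regex, run as: fail2ban-regex /opt/bacula/log/bacula-dir-journal.log /etc/fail2ban/filter.d/bacula.conf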