
Fail2Ban: Setup

This document outlines the steps to set up Fail2Ban and ClamAV on a server. It includes:
1. Creating a basic login and validation PHP page for Fail2Ban monitoring.
2. Configuring Fail2Ban to block IPs after 3 failed login attempts for 5 minutes.
3. Adding a redirect action in Fail2Ban to send blocked IPs to a simple banned page served on port 8080.
4. Creating an upload PHP page integrated with ClamAV to scan files on upload for viruses.
5. Configuring the ClamAV freshclam and clamd services to regularly update virus definitions and run as a daemon for file scanning.

Uploaded by

iFellixe

Fail2Ban

Setup

1. Update the package lists

apt-get update -y

2. Install Apache, PHP and Fail2Ban

apt-get install apache2 php fail2ban -y

3. Stop Fail2ban service

systemctl stop fail2ban

4. Create Login Page

<html>
<body>
<form method="post" action="validate.php">
    Username: <input type="text" name="username"><br>
    Password: <input type="password" name="password"><br>
    OTP: <input type="text" name="c"><br>
    <input type="submit" name="submit">
</form>
</body>
</html>

5. Create Validate.php Page

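<?php
require_once('rfc6238.php');

// Lab values only: the TOTP secret and the credentials are hard-coded here.
$secretkey = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';

// Fall back to empty strings when a field is missing, so PHP 8 raises no warnings.
$code     = $_POST['c'] ?? '';
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$currentcode = $code;

// Timestamp and client address for the log line that Fail2Ban will match.
$tanggal   = date('M j H:i:s');
$remote_ip = $_SERVER['REMOTE_ADDR'];

if (TokenAuth6238::verify($secretkey, $currentcode)) {
    if ($username == 'student' && $password == 'password') {
        echo "Code is valid\n";
    } else {
        // "GAGAL LOGIN" means "login failed"; the php-login filter matches this exact text.
        error_log("$tanggal - $remote_ip - GAGAL LOGIN");
        echo "username and password is invalid";
    }
} else {
    if ($username == 'student' && $password == 'password') {
        error_log("$tanggal - $remote_ip - GAGAL LOGIN");
        echo "Invalid code\n";
    } else {
        error_log("$tanggal - $remote_ip - GAGAL LOGIN");
        echo "Credentials is invalid";
    }
}

// Enrollment QR code. It embeds the secret and is shown to every visitor here;
// outside a lab, show it only once to the authenticated account owner.
print sprintf('<img src="%s"/>', TokenAuth6238::getBarCodeUrl('riza', 'riza.my.id', $secretkey, 'Riza%20TFA'));
?>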

6. Download Library for OTP


sudo wget -O /var/www/html/rfc6238.php https://raw.githubusercontent.com/Voronenko/PHPOTP/master/code/rfc6238.php

sudo wget -O /var/www/html/base32static.php https://raw.githubusercontent.com/Voronenko/PHPOTP/master/code/base32static.php

7. Configure Fail2Ban

nano /etc/fail2ban/jail.local

/etc/fail2ban/jail.local

## Block IP when login failed 3x


[php-login]
enabled = true
port = http
filter = php-login
banaction = iptables-redirect
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 5m

nano /etc/fail2ban/filter.d/php-login.conf

/etc/fail2ban/filter.d/php-login.conf

[Definition]
failregex = .* - <HOST> - GAGAL LOGIN

nano /etc/fail2ban/action.d/iptables-redirect.conf

/etc/fail2ban/action.d/iptables-redirect.conf

[INCLUDES]

before = iptables-common.conf

[Definition]
actionban = iptables -t nat -A PREROUTING -p <protocol> -s <ip> --dport <port> -j REDIRECT --to-port 8080

actionunban = iptables -t nat -D PREROUTING -p <protocol> -s <ip> --dport <port> -j REDIRECT --to-port 8080

[Init]
port = http
protocol = tcp

8. Start Fail2ban service

systemctl start fail2ban

9. Configure Apache for Banned Page on port 8080

nano /etc/apache2/sites-enabled/000-default.conf

/etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:8080>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/banned
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule . /index.php [L]
    </IfModule>
</VirtualHost>

...

nano /etc/apache2/ports.conf

/etc/apache2/ports.conf

...

Listen 8080

...

Restart Apache2

sudo a2enmod rewrite

systemctl restart apache2

10. Add Banned Page for port 8080

mkdir -p /var/www/banned
nano /var/www/banned/index.php

/var/www/banned/index.php

<html>
<body>
<!-- English: "Sorry, we have blocked your access, please try again in 5 minutes" -->
<h1>Maaf, akses kami blokir, silahkan coba lagi 5 menit lagi</h1>
</body>
</html>
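
To check the jail from step 7 before relying on it, the following added example (not part of the original document and not Fail2Ban's own code) replays constructed Apache error-log lines through the php-login failregex and applies maxretry = 3 and bantime = 5m. The IPv4-only <HOST> pattern, the 10-minute findtime and the function names are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILREGEX = r".* - <HOST> - GAGAL LOGIN"   # from filter.d/php-login.conf
MAXRETRY = 3                               # from jail.local
BANTIME = timedelta(minutes=5)             # from jail.local
FINDTIME = timedelta(minutes=10)           # assumption: not set in jail.local
# Simplified stand-in for Fail2Ban's <HOST> tag: IPv4 addresses only.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
STAMP = re.compile(r"^\[(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2})\.\d+ (\d{4})\]")

# Constructed sample lines in the Apache 2.4 error-log layout.
SAMPLE_LOG = """\
[Wed Mar 05 10:02:00.000000 2025] [php:notice] [pid 810] [client 192.0.2.9:33000] Mar 5 10:02:00 - 192.0.2.9 - GAGAL LOGIN
[Wed Mar 05 10:09:00.000000 2025] [php:notice] [pid 810] [client 192.0.2.9:33010] Mar 5 10:09:00 - 192.0.2.9 - GAGAL LOGIN
[Wed Mar 05 10:15:01.100000 2025] [php:notice] [pid 811] [client 203.0.113.5:40212] Mar 5 10:15:01 - 203.0.113.5 - GAGAL LOGIN
[Wed Mar 05 10:15:09.200000 2025] [php:notice] [pid 812] [client 198.51.100.7:51000] Mar 5 10:15:09 - 198.51.100.7 - GAGAL LOGIN
[Wed Mar 05 10:15:20.300000 2025] [php:notice] [pid 811] [client 203.0.113.5:40220] Mar 5 10:15:20 - 203.0.113.5 - GAGAL LOGIN
[Wed Mar 05 10:15:31.000000 2025] [php:warn] [pid 813] [client 203.0.113.5:40231] PHP Warning:  constructed unrelated message
[Wed Mar 05 10:15:40.400000 2025] [php:notice] [pid 811] [client 203.0.113.5:40240] Mar 5 10:15:40 - 203.0.113.5 - GAGAL LOGIN
[Wed Mar 05 10:15:50.000000 2025] [php:notice] [pid 810] [client 192.0.2.9:33020] Mar 5 10:15:50 - 192.0.2.9 - GAGAL LOGIN
[Wed Mar 05 10:16:02.500000 2025] [php:notice] [pid 812] [client 198.51.100.7:51010] Mar 5 10:16:02 - 198.51.100.7 - GAGAL LOGIN
"""

def parse_time(line):
    """Read the bracketed Apache timestamp at the start of a log line."""
    m = STAMP.match(line)
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%a %b %d %H:%M:%S %Y")

def simulate(log_text):
    """Return {ip: (banned_at, unban_at)} for each address the jail would ban."""
    recent, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        hit = PATTERN.search(line)
        if not hit:
            continue
        ip, now = hit.group("host"), parse_time(line)
        window = recent[ip]
        window.append(now)
        while now - window[0] > FINDTIME:   # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY and ip not in bans:
            bans[ip] = (now, now + BANTIME)
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

On the server itself, fail2ban-regex run against the real error log and the filter file performs the same match check with Fail2Ban's own parser.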

ClamAV
Setup

1. Change Validate Page to Redirect to Upload Page

nano /var/www/html/validate.php

/var/www/html/validate.php
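<?php
require_once('rfc6238.php');

// Lab values only: the TOTP secret and the credentials are hard-coded here.
$secretkey = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';

// Fall back to empty strings when a field is missing, so PHP 8 raises no warnings.
$code     = $_POST['c'] ?? '';
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$currentcode = $code;

// Timestamp and client address for the log line that Fail2Ban will match.
$tanggal   = date('M j H:i:s');
$remote_ip = $_SERVER['REMOTE_ADDR'];

if (TokenAuth6238::verify($secretkey, $currentcode)) {
    if ($username == 'student' && $password == 'password') {
        // Redirect to the upload page and stop, so nothing else is sent after the header.
        header('Location: /upload.php');
        exit;
    } else {
        // "GAGAL LOGIN" means "login failed"; the php-login filter matches this exact text.
        error_log("$tanggal - $remote_ip - GAGAL LOGIN");
        echo "username and password is invalid";
    }
} else {
    if ($username == 'student' && $password == 'password') {
        error_log("$tanggal - $remote_ip - GAGAL LOGIN");
        echo "Invalid code\n";
    } else {
        error_log("$tanggal - $remote_ip - GAGAL LOGIN");
        echo "Credentials is invalid";
    }
}

// Enrollment QR code. It embeds the secret and is shown to every visitor here;
// outside a lab, show it only once to the authenticated account owner.
print sprintf('<img src="%s"/>', TokenAuth6238::getBarCodeUrl('riza', 'riza.my.id', $secretkey, 'Riza%20TFA'));
?>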

2. Create Upload Page

nano /var/www/html/upload.php

/var/www/html/upload.php
<html>
<head>
<title>Upload File</title>
</head>
<body>
<?php
// Note: this page does not check that the visitor passed validate.php;
// the redirect in validate.php is not access control by itself.
require "Clamav.php";
$clamav = new Clamav();
if (isset($_POST['upload'])) {
    // Keep only the final path component of the client-supplied name.
    $fileName = basename($_FILES['userfile']['name']);
    $tmpName  = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];
    $filePath = "/var/www/html/files/";
    $result = move_uploaded_file($tmpName, $filePath.$fileName);
    if (!$result)
        die("Error uploading file " . htmlspecialchars($tmpName) . " to " . htmlspecialchars($fileName));
    // get_magic_quotes_gpc() was removed in PHP 8, and adding slashes would change
    // the path handed to the scanner, so the stored name is used unchanged.
    // A false result from scan() is treated as an infected file and the file is deleted.
    if (!$clamav->scan($filePath.$fileName)) {
        unlink($filePath.$fileName);
        die("File bervirus"); // "File bervirus" = "file contains a virus"
    }
    // Escape the name before echoing it back into the page.
    echo "<br>File " . htmlspecialchars($fileName) . " uploaded<br>";
}
?>
<form method="post" enctype="multipart/form-data" name="uploadform">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
    <tr>
        <td width="246">
            <input type="hidden" name="MAX_FILE_SIZE" value="2000880">
            <input name="userfile" type="file" class="box" id="userfile">
        </td>
        <td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
    </tr>
</table>
</form>
</body>
</html>

3. Create Directory Files

mkdir -p /var/www/html/files
chown www-data:www-data /var/www/html/files

4. Disable PHP Engine

nano /var/www/html/files/.htaccess

/var/www/html/files/.htaccess

php_flag engine off

5. Download Library for ClamAV PHP

wget -O /var/www/html/Clamav.php https://raw.githubusercontent.com/kissit/php-clamav-scan/master/Clamav.php

6. Configure Freshclam

freshclam

7. Configure ClamAV - Daemon


mkdir -p /var/run/clamav

nano /etc/clamav/clamd.conf

/etc/clamav/clamd.conf

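TCPSocket 3310
TCPAddr 127.0.0.1
LocalSocket /var/run/clamav/clamd.ctl
# Lab setting: clamd runs as root. On a real server, prefer a dedicated
# unprivileged account that has read access to the upload directory.
User root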

clamd -c /etc/clamav/clamd.conf
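
To confirm that the clamd listener configured in step 7 answers scan requests, this added example (not part of the original document and not taken from Clamav.php) sends data to 127.0.0.1:3310 with clamd's INSTREAM command and rejects the upload unless the reply is clean. The function names are hypothetical.

```python
import socket
import struct

CLAMD_ADDR = ("127.0.0.1", 3310)   # TCPAddr / TCPSocket from clamd.conf above

def frame_instream(data, chunk_size=8192):
    """Build the byte stream for INSTREAM: command, length-prefixed chunks, zero chunk."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)   # 4-byte big-endian length
    out.append(struct.pack("!I", 0))                        # zero length ends the stream
    return b"".join(out)

def parse_reply(raw):
    """Return ('clean', None), ('infected', signature) or ('error', text)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]          # drop the leading "stream: " label
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[:-len(" FOUND")])
    return ("error", body)

def scan_bytes(data, addr=CLAMD_ADDR, timeout=10):
    """Send data to clamd over TCP and return the parsed verdict."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):    # the z prefix makes replies NUL-terminated
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

def accept_upload(data, scan=scan_bytes):
    """Fail closed: only a 'clean' verdict lets the upload through."""
    try:
        verdict, detail = scan(data)
    except OSError as exc:                  # clamd stopped or unreachable
        return (False, f"scanner unavailable: {exc}")
    return (verdict == "clean", detail or verdict)
```

Scanning the bytes this way happens before anything is written under /var/www/html/files, and a stopped daemon results in a rejected upload rather than an unscanned one.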
