platofan23 / Endlessh_Fail2Ban_Honey_Trap

This project is a filter for Fail2ban to ban anyone accessing a working Endlessh-Server!

Endlessh_Fail2ban_HoneyTrap

Description of the project

This project is a filter for Fail2ban to ban anyone accessing a working Endlessh-Server!

Project status

The project itself is complete and ready for use.

Requirements

Requirements for running the webui are:

Installation

  1. Install endlessh.
    For Debian/Ubuntu distros, open a console and run sudo apt install endlessh
    For other distros, see https://github.com/skeeto/endlessh

  2. Configure endlessh
    Run sudo editor /etc/endlessh/config
    Add

     Port 2222
    
     Delay 10000
    
     MaxLineLength 32
    
     MaxClients 4096
    
     LogLevel 2
    
     BindFamily 0
    
  3. Start endlessh
    Run sudo endlessh -v >endlessh.log 2>endlessh.err, or, as a service on distros with systemd, run sudo editor /lib/systemd/system/endlessh.service

    Add

     [Unit]
     Description=Endlessh SSH Tarpit
     Documentation=man:endlessh(1)
     Requires=network-online.target
     [Service]
     Type=simple
     Restart=always
     RestartSec=30sec
     ExecStart=/usr/bin/endlessh
     KillSignal=SIGTERM
     StartLimitInterval=5min
     StartLimitBurst=4
     StandardInput=null
     PrivateTmp=true
     PrivateDevices=true
     ProtectSystem=full
     ProtectHome=true
     InaccessiblePaths=/run /var
     PrivateUsers=true
     NoNewPrivileges=true
     ConfigurationDirectory=endlessh
     ProtectKernelTunables=true
     ProtectKernelModules=true
     ProtectControlGroups=true
     MemoryDenyWriteExecute=true
     # Log to files instead of the journal so Fail2ban can read them (see logpath in the jail below)
     StandardOutput=file:/var/log/endlessh.log
     StandardError=file:/var/log/endlessh.err
     [Install]
     WantedBy=multi-user.target
    

    Run sudo systemctl enable endlessh
    Run sudo systemctl start endlessh

  4. Install fail2ban
    Run sudo apt install fail2ban

  5. Add the jail: sudo editor /etc/fail2ban/jail.conf

     [endlessh]
     enabled     = true
     maxretry    = 1
     bantime     = 2419200
     findtime    = 432000
     port        = 0:65535
     logpath     = /var/log/endlessh.log
     filter      = endlessh
     ignoreip    =

  6. Add the filter: sudo editor /etc/fail2ban/filter.d/endlessh.conf

     [Definition]
     failregex = ^.* ACCEPT host=::ffff:<HOST> port=.*

  7. Run sudo systemctl enable fail2ban
    Run sudo systemctl start fail2ban

  8. Test with an SSH client by connecting to the fake SSH server (caution: you might ban yourself).
    Add your own address to ignoreip in /etc/fail2ban/jail.conf before testing.
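To see what the filter above actually hands to the jail before enabling it (fail2ban-regex does the same against a real log file), here is an added Python example, not part of this repository, that expands <HOST> with a simplified stand-in for fail2ban's tag (an assumption of the example) and runs the page's failregex over constructed endlessh -v log lines; it also shows that an IPv6-native client, possible with BindFamily 0, is not matched by the literal ::ffff: prefix:

```python
import re

# The failregex exactly as written in /etc/fail2ban/filter.d/endlessh.conf above.
FAILREGEX = r"^.* ACCEPT host=::ffff:<HOST> port=.*"

# Simplified stand-in for fail2ban's <HOST> tag (assumption for this example;
# fail2ban's real expansion is more elaborate). Like fail2ban's, it tolerates an
# IPv4-mapped "::ffff:" prefix and captures the address as group "host".
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>[\w\-.:^_]*\w)"


def compile_failregex(failregex):
    """Expand <HOST> and compile, as fail2ban does when it loads the filter."""
    return re.compile(failregex.replace("<HOST>", HOST_TAG))


def extract_hosts(log_lines, failregex=FAILREGEX):
    """Return the hosts the filter would report to the jail, in log order."""
    pattern = compile_failregex(failregex)
    return [m.group("host") for m in map(pattern.search, log_lines) if m]


# Constructed sample of endlessh -v output (documentation addresses). With
# BindFamily 0 an IPv4 client is logged as ::ffff:a.b.c.d, an IPv6 client as-is.
SAMPLE_LOG = [
    "2023-05-01T10:00:00.000Z ACCEPT host=::ffff:203.0.113.7 port=51234 fd=4 n=1/4096",
    "2023-05-01T10:00:10.000Z CLOSE host=::ffff:203.0.113.7 port=51234 fd=4 time=10.001 bytes=27",
    "2023-05-01T10:00:20.000Z ACCEPT host=2001:db8::5 port=40000 fd=5 n=1/4096",
    "2023-05-01T10:00:30.000Z ACCEPT host=::ffff:198.51.100.9 port=60001 fd=6 n=2/4096",
]

if __name__ == "__main__":
    # Only the two IPv4 ACCEPT lines match: CLOSE lines are ignored (as intended)
    # and the IPv6 client is missed because the filter requires a literal ::ffff:.
    print("banned by the filter above:", extract_hosts(SAMPLE_LOG))
    # Without the literal prefix, the optional prefix inside <HOST> covers both.
    print("banned without the literal prefix:",
          extract_hosts(SAMPLE_LOG, r"^.* ACCEPT host=<HOST> port=.*"))
```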

Additional notes:

  • If you want to run the endlessh server on port 22, run echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf and then sysctl --system (both as root).
