Fail2ban Traccar Filter #1554

Closed
dschense opened this issue Nov 25, 2015 · 11 comments

Comments

@dschense

Is it possible to create a Fail2ban filter for Traccar with the open port in iptables?
I opened port 5055 for an Android device on the server in iptables.
Has anybody secured the server this way?

@tananaev
Member

Fail2ban uses regular expressions for filtering, so it should be possible to configure it with Traccar. I haven't tried it though.

If someone has experience or a working config, it would be great if he could share it with the community.

@dschense
Author

Nobody who knows how to scan Traccar with fail2ban and integrate it with iptables to make it more secure?

@chathudan

I'm also looking for it. Thanks.

@nelim

nelim commented Nov 29, 2015

I can try to make one, but I don't think it is a good idea, because most mobile operators NAT a lot of devices behind a couple of IP addresses, so you can block your own devices too (you can block whole providers by mistake). In my logs there are many devices that come from the same IP address.

@dschense
Author

Okay, that sounds strange. I thought about a filter looking for a warning if unknown devices want to send data to the server, then blocking the IP address after 3 or more times. And maybe also scanning for other stuff doing bad things to the open port (using devices over port 5055).

@nelim

nelim commented Nov 29, 2015

@tananaev Can we easily add the remote IP address to the "Unknown device" line, to parse it more easily when we have a lot of traffic on the server?

@tananaev
Member

@nelim, I have just added the IP address to the log messages (c669270).

@nelim

nelim commented Nov 30, 2015

@dschense
You can append this to jail.conf:

```
[traccar]
enabled = true
port = 5002,5055
filter = traccard
banaction = iptables-multiport
logpath = /opt/traccar/logs/tracker-server.log
maxretry = 3
```

and copy https://nelim.han.bg/pro/traccard.conf to your fail2ban/filter.d/ directory.

You must keep in mind 2 important things:

  1. Traccar shows "Unknown device" IF and ONLY IF an unknown device connects on exactly the protocol port.
    For example, if OsmAnd connects on port 5055 and is not in the database, it reports the unknown device and IP, but if such a request is sent to port 5002, it just makes a connection and does not report anything.
    This means that you can't ban scanning stuff that is doing bad things.
  2. As I said before, be aware that you can ban whole mobile operators if some GPRS devices that are not added to your devices try to connect, which can affect your own devices.

Good luck :)

P.S. Oh, I forgot: you can change port = to the ports you are using, or to all Traccar ports.

@dschense
Author

Wow, that's great, I will play with your solution and report back ;-)

Thanks so far!

@chathudan

@nelim Thank you for the great work.

How do I block an IP for some time? Let's say a user makes 3 or more hits within 1-3 seconds, and I block that IP for 5 minutes.

@nelim

nelim commented Dec 1, 2015

@chathudan
You are looking for the common fail2ban options:
bantime = 300 (5 minutes ban)
maxretry = 3 (3 failed hits)
findtime = 300 (5 minutes) - this is the time in the logs between maxretry; if the 3rd retry is at 301 sec it starts a new count.

http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options
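
A replay of how the jail options discussed in this thread (`maxretry`, `findtime`, `bantime`) act on "Unknown device" lines, including the shared-NAT case raised earlier. This is an added example, not part of the original thread and not Traccar or fail2ban code; the log line layout, the sample lines, the name `simulate` and the simplified sliding-window model are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The line layout (timestamp, "Unknown device", id, IP in
# parentheses) is an assumption for this example, not Traccar's documented format.
SAMPLE_LOG = """\
2015-11-30 10:00:00  WARN: Unknown device - 111111 (203.0.113.7)
2015-11-30 10:00:01  INFO: connection opened (192.0.2.50)
2015-11-30 10:00:05  WARN: Unknown device - 999999 (198.51.100.9)
2015-11-30 10:01:10  WARN: Unknown device - 222222 (203.0.113.7)
2015-11-30 10:02:30  WARN: Unknown device - 333333 (203.0.113.7)
2015-11-30 10:03:00  WARN: Unknown device - 999999 (198.51.100.9)
2015-11-30 10:05:06  WARN: Unknown device - 999999 (198.51.100.9)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+WARN: Unknown device - "
    r"(?P<dev>\S+) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)$"
)

def simulate(log_text, maxretry=3, findtime=300, bantime=300):
    """Replay the log and return one dict per ban that would be issued."""
    recent = defaultdict(deque)   # ip -> (time, device id) hits inside findtime
    banned_until = {}             # ip -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not an "Unknown device" line
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if now < banned_until.get(ip, datetime.min):
            continue              # address is still banned
        hits = recent[ip]
        hits.append((now, m["dev"]))
        # Drop hits that are older than findtime seconds.
        while (now - hits[0][0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry:
            bans.append({
                "ip": ip,
                "banned_at": m["ts"],
                "devices": sorted({dev for _, dev in hits}),
            })
            banned_until[ip] = now + timedelta(seconds=bantime)
            hits.clear()
        # otherwise keep counting
    return bans
```

With the defaults, the only ban is the address shared by three different device ids, while the single device whose third attempt arrives 301 seconds after its first is not banned.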
