Fail2ban filter for sabnzbd?

zonky
Newbie
Posts: 12
Joined: February 13th, 2008, 8:58 pm

Fail2ban filter for sabnzbd?

Post by zonky »

Just wondering if anyone has written a fail2ban filter for sabnzbd they could share?

zonky
Newbie
Posts: 12
Joined: February 13th, 2008, 8:58 pm

Re: Fail2ban filter for sabnzbd?

Post by zonky »

OK, so I've written a simple fail2ban script as a starting point for others to follow.

My config: I have sabnzbd listening on a public address, fronted by an Nginx reverse proxy, with a Let's Encrypt cert.

Sabnzbd is set up to require forms auth in Sabnzbd. I want to protect against password enumeration, and enumeration of API keys. Yes, my password choice is already strong, and API keys are complex, but if you're not learning, you're standing still so...

Because it's using a reverse proxy, I have to get nginx set up to pass on the client IP (otherwise sabnzbd will only see the local address), so here's my nginx sites config:

Code:

server {
        # SABnzbd config for reverse proxy
        listen 443 ssl; # managed by Certbot
        server_name sitename.domain.tld;
        ssl_certificate /etc/letsencrypt/live/sitename.domain.tld/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sitename.domain.tld/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        root /var/www;
        location / {
                proxy_pass http://127.0.0.1:5211/; # Local sabnzbdplus ip and non SSL port
        }
}
# Outside the server blocks (http context when this file is included from
# nginx.conf), so these headers are inherited by the location above
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
server {
        # Redirect plain HTTP to HTTPS
        if ($host = sitename.domain.tld) {
                return 301 https://$host$request_uri;
        } # managed by Certbot
        listen 80;
        server_name sitename.domain.tld;
        return 404; # managed by Certbot
}
Obv sub your URL for the sitename.domain.tld above. Note also that I have sabnzbd configured on a different listening port, 5211, rather than the standard. You'd need to change that for your situation.

Then on to fail2ban.

I have this added to my jail.local:

Code:

[sabnzbd]
enabled  = true
port     = http,https
filter   = sabnzbd
logpath  = /home/sabnzbduser/.sabnzbd/logs/sabnzbd.log
maxretry = 4
findtime = 3600
bantime = 172800
Replace the sabnzbduser with the username running your sabnzbd daemon.

Now, on to the filter.d for sabnzbd:

Code:

#
# Fail2Ban for SABNZBD via NGINX Reverse Proxy
#


[Definition]
failregex = ^.*Unsuccessful login attempt from 127.0.0.1 \(X-Forwarded-For: <HOST>.*$
	    ^.*API key incorrect, Use the API key from Config-\>General in your 3rd party program: 127.0.0.1 \(X-Forwarded-For: <HOST>.*$
That's it, pretty simple. So now if an IP address tries to log in and fails 4 times within an hour, it's banned via iptables for 48 hours.

Obv some limitations to this approach you need to be aware of:

Multiple filters are supported in fail2ban after 0.8ish. I am running this on 22.04 server without issue; modern distros will be fine.
The log lines are correct as of the current package in the repo that I've added. They could change, and the test may fail. Test after upgrades!

Hope someone finds this useful.
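
An added example (not part of zonky's post, and not SABnzbd or fail2ban code): a small Python check, in the spirit of "Test after upgrades!", that runs the two failregex lines above over constructed log lines and applies the jail's maxretry of 4. The `<HOST>` stand-in, the log prefix, the addresses and the `[ua]` suffix are assumptions; only the message text the filter matches on comes from the post.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: captures an IPv4/IPv6 literal.
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"

# The two failregex lines from the filter in the post.
FAILREGEX = [
    r"^.*Unsuccessful login attempt from 127.0.0.1 \(X-Forwarded-For: <HOST>.*$",
    r"^.*API key incorrect, Use the API key from Config-\>General in your "
    r"3rd party program: 127.0.0.1 \(X-Forwarded-For: <HOST>.*$",
]
PATTERNS = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Constructed sample log: made-up prefix, documentation-range addresses.
PREFIX = "2024-01-01 10:0{}:00,000::{}::[interface:1] "
LOGIN = "Unsuccessful login attempt from 127.0.0.1 (X-Forwarded-For: {}) [ua]"
APIKEY = ("API key incorrect, Use the API key from Config->General in your "
          "3rd party program: 127.0.0.1 (X-Forwarded-For: {}) [ua]")
SAMPLE_LOG = "\n".join([
    PREFIX.format(0, "WARNING") + LOGIN.format("203.0.113.7"),
    PREFIX.format(1, "WARNING") + LOGIN.format("203.0.113.7"),
    PREFIX.format(2, "INFO") + "Unrelated message",
    PREFIX.format(3, "WARNING") + APIKEY.format("203.0.113.7"),
    PREFIX.format(4, "WARNING") + LOGIN.format("203.0.113.7"),
    # Header with two entries: client-supplied value first, peer address last.
    PREFIX.format(5, "WARNING") + LOGIN.format("198.51.100.9, 203.0.113.7"),
])


def find_failures(log_text):
    """Return (line_number, host) for every line a failregex matches."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = next(filter(None, (p.match(line) for p in PATTERNS)), None)
        if m:
            hits.append((n, m.group("host")))
    return hits


def hosts_to_ban(log_text, maxretry=4):
    """Hosts with at least maxretry failures (findtime is ignored here)."""
    counts = Counter(host for _, host in find_failures(log_text))
    return sorted(h for h, c in counts.items() if c >= maxretry)


if __name__ == "__main__":
    for n, host in find_failures(SAMPLE_LOG):
        print(f"line {n}: failure counted against {host}")
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

Assuming SABnzbd logs the header value as received, the last sample line shows the failure being counted against the first X-Forwarded-For entry, which nginx's `$proxy_add_x_forwarded_for` passes through from the client's request before appending the peer address; sending `$remote_addr` as X-Forwarded-For keeps only the address nginx saw. Running `fail2ban-regex` against the real log and filter file remains the authoritative test.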
