Summary
Fail2ban is an intrusion prevention framework that protects computer servers from brute-force attacks. fail2ban operates by monitoring monitors logs and manages bans to network services. You can use it with minetest to prevent bruteforcing, Denail of service attacks, and just prevent bad actors from interacting with server authentication.
Requirements
- fail2ban installed and enabled
- Minetest installed and running
- Knowing where the logs for Minetest are stored: by default /var/log/minetest/minetest.log for servers but they can be elsewhere if you compile from source and specify them elsewhere.
To Install:
sudo apt-get update && sudo apt-get install fail2ban
Enable fail2ban service at system startup
CODE: SELECT ALL
sudo systemctl enable fail2ban
Step one: create the jail
You need to create a jail for Fail2ban. If you’re on Ubuntu and use nano as editor, run:
CODE: SELECT ALL
sudo nano /etc/fail2ban/jail.d/minetest.confAdd the text:
CODE: SELECT ALL
[minetest]
enabled = true
port = 30000
protocol = udp
filter = minetest
logpath = /var/log/minetest/minetest.log*
findtime = 43200
bantime = 86400
maxretry = 10Step 2: Create the filter
sudo nano /etc/fail2ban/filter.d/minetest.conf
CODE: SELECT ALL
# Fail2Ban configuration file for Minetest
[Definition]
failregex = ^: ACTION\[Server\]: Server: User \w+ at <HOST> supplied wrong password \(auth mechanism: SRP\)\.$
^: ACTION\[Server\]: Server: Player with the name "\w+" tried to connect from <HOST> but it was disallowed for the following reason: $Save and exit nano.
Then restart fail2ban
CODE: SELECT ALL
sudo systemctl restart fail2ban
To test (requires at least one failed authentication failure in the logs):
CODE: SELECT ALL
fail2ban-regex /var/log/minetest/minetest.log /etc/fail2ban/filter.d/minetest.conf --print-all-matchedWill return a summary after scanning lines.
Fail2ban logs can be seen at /var/log/fail2ban.log or a status can be seen with
CODE: SELECT ALL
sudo service fail2ban status