Automate easyrule from remote host
Currently I have a NAT:ed ssh server (linux) on my local LAN. The NAT:ing is done by pfsense, and I use the pfsense box as my "home router"/firewall.
On the sshd-machine I want to run fail2ban to be able to block those nasty attackers filling up my auth.log. I could block them on the linux box with iptables but preferably I would like my pfsense machine to do this. So I figured I still run fail2ban on my ssh-machine (where the logs to be analyzed are) and then, in case of a break-in attempt, I use easyrule over ssh to block the ip. Like this for example:
ssh admin@pfsensebox easyrule block wan 22.214.171.124
But this didn't work since I suppose the menu that pops up when I log in as admin gets in the way of my command. Strangely it works if I use a command without arguments, like just 'ls'.
Anyway, I have now created a second user with admin permissions but then I get this error instead:
ssh otheradminuser@pfsensebox "easyrule block wan 126.96.36.199"
Fatal error: Call to undefined function session_commit() in /etc/inc/config.lib.inc on line 552
PHP ERROR: Type: 1, File: /etc/inc/config.lib.inc, Line: 552, Message: Call to undefined function session_commit()
Any idea how to solve this?
Also any ideas of a better solution to this? Can it be done in a more elegant way directly in pfsense? Btw, I also run a webserver on this sshd-machine and I also plan to let fail2ban analyze the logs from that.
The admin user is locked to the menu but you can use the root user to work around that. Now that I've mentioned it's technically possible, I must caution against allowing automated remote root logins. It's bad. Don't do it.
Make a new user just for this and add the sudo package in the GUI, then grant that user access to easyrule, give it an ssh key, and then use that account instead of root/admin.
I didn't realize that the "admin" group was just for the webgui, but of course that makes total sense.
I have now added the command /usr/local/bin/easyrule to the list of sudoed commands for that regular user and it works as intended, thanks!
There was just one thing: at first I had problems because I kept getting prompted for a password every time I ran 'sudo easyrule'. After a while I found out that this was because I used "Run As" admin and not root. Is it not possible to set NOPASSWD when "running as" admin?
Sorry for replying to this old post, but I'm looking for something like this... @akvadrat can't you share your workaround in fail2ban to write or execute the easyrule action... to add and remove the host's IP address... and the modifications made to the pfsense box in sudoers etc.?
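The setup described in the thread (dedicated user, ssh key, sudo access limited to /usr/local/bin/easyrule), sketched as a wrapper that a fail2ban ban/unban action could call. This is an added example, not code from any poster in the thread. The account name `f2b`, the key path and the `PF_*`/`SSH_BIN` variables are assumptions, and it presumes the sudo rule runs easyrule as root with NOPASSWD. It validates the address before anything reaches the remote shell, since the argument ends up in a command executed under sudo on the firewall.

```shell
#!/bin/sh
# Added example: fail2ban -> pfSense easyrule wrapper. All PF_* values are assumptions.
PF_HOST="${PF_HOST:-pfsensebox}"
PF_USER="${PF_USER:-f2b}"                     # hypothetical dedicated non-admin account
PF_KEY="${PF_KEY:-/etc/fail2ban/pf_ed25519}"  # hypothetical key used only for this job
PF_IF="${PF_IF:-wan}"
SSH_BIN="${SSH_BIN:-ssh}"                     # overridable so the wrapper can be dry-run

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the remote command for ban/unban; print nothing and fail on bad input.
remote_cmd() {
    case "$1" in
        ban)   verb=block ;;
        unban) verb=unblock ;;
        *)     return 2 ;;
    esac
    valid_ipv4 "$2" || return 3
    # sudo -n fails instead of prompting if the sudoers entry is not NOPASSWD.
    printf 'sudo -n /usr/local/bin/easyrule %s %s %s\n' "$verb" "$PF_IF" "$2"
}

# Run the validated command on the firewall with key-only, non-interactive ssh.
pf_easyrule() {
    cmd=$(remote_cmd "$1" "$2") || return $?
    "$SSH_BIN" -i "$PF_KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        "$PF_USER@$PF_HOST" "$cmd"
}

# Invoked as: script ban <ip>  or  script unban <ip>
if [ "$#" -eq 2 ]; then pf_easyrule "$1" "$2"; fi
```

In a fail2ban action, actionban and actionunban would call this script with `ban <ip>` and `unban <ip>`. Running it with `SSH_BIN=echo` prints the ssh invocation without connecting.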