Filebeat on OpenBSD 6.0

Monday, November 28th, 2016

In an effort to improve monitoring, I set up an ELK (Elasticsearch, Logstash, Kibana) server and set up my different servers to forward their logs. Filebeat is typically installed on the servers to do the forwarding, and normally this installation is pretty straightforward.

However, Filebeat is dependent on Go 1.7 and OpenBSD 6.0 only provides 1.6 as a binary package.

The following steps set up an OpenBSD ports build machine, update the ports to current, and build the required packages; then copy the packages to the target OpenBSD server, install the packages, and install and configure Filebeat.


Fail2ban on OpenBSD 6.0

Sunday, November 20th, 2016

If you have ever had a server exposed to the Internet, you will often see attempts to log in over SSH on port 22.

After improving my log monitoring, these login attempts annoyed me enough to take action. So I installed Fail2ban.

Fail2ban monitors logs and, based on rules, adds IP addresses to your firewall to be blocked. Fail2ban is written in Python, is available for several platforms, and can monitor different logs (not just SSH).

I have set up Fail2ban to watch for 3 failed logins (one failed login will allow 3 password attempts) and then block that IP address for 1 day.

The following instructions are for:

OpenBSD 6.0
Fail2ban 0.9.5

The instructions also assume that you have an OpenBSD server running with SSH port 22 exposed to the Internet and that you use Packet Filter (PF) as your firewall.