Nethack with Fail2Ban - jonatello/lab-musing GitHub Wiki

The idea here is to create a FreeBSD jail with Nethack installed. In order to secure it, Fail2Ban will also be configured specifically for SSH and ipfw rules to allow only port 22.

Configuration:

Update the jail

pkg update

pkg upgrade

Install the Nethack package

pkg install nethack36-3.6.0_1

Configure SSH

Edit the SSH configuration to enable Password Authentication and bind to port 22

sed -i '' 's/#PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config

sed -i '' 's/#Port 22/Port 22/g' /etc/ssh/sshd_config

Enable SSHD via rc.conf

sysrc sshd_enable=yes

Start the SSH Daemon

service sshd start

Add a user for access

adduser jonatello

Configure a NAT rule on the edge firewall for remote access

Configure ipfw and fail2ban

Install the fail2ban package

pkg install py36-fail2ban-0.10.2

Create and configure the fail2ban rules appropriately for sshd

vi /usr/local/etc/fail2ban/jail.d/ssh-ipfw.local

Or use nethack.ssh-ipfw.local

Create and configure the ipfw rules appropriately

vi /usr/local/etc/ipfw.rules

Or use nethack.ipfw.rules

Enable the ipfw firewall with a specific rules file via rc.conf

sysrc firewall_enable=yes

sysrc firewall_script=/usr/local/etc/ipfw.rules

Enable fail2ban via rc.conf

sysrc fail2ban_enable=yes

Troubleshooting

List ipfw firewall rules

ipfw list

List ipfw table 1 rules

ipfw table 1 list

Remove a specific %IPAddress% from the table 1

ipfw table 1 delete %IPAddress%