• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • The ImunifyAV extension is now deprecated and no longer available for installation.
    Existing ImunifyAV installations will continue operating for three months, and after that will automatically be replaced with the new Imunify extension. We recommend that you manually replace any existing ImunifyAV installations with Imunify at your earliest convenience.

Input Howto secure a standard Postgres Port with Fail2Ban

hschneider

New Pleskian
This article describes how to add a Fail2Ban Jail for PostgreSQL:

Here the short version in english:

Create the filter file in
/etc/fail2ban/filter.d/custom-postgres.conf

with this content:

[Definition]
failregex = ^<HOST>.+FATAL: password authentication failed for user.+$
^<HOST>.+FATAL: no pg_hba.conf entry for host .+$
ignoreregex = duration:#
ignoreregex =

Save and restart Fail2Ban.

Add the Host ID to the Postgres Log by editing this file:
/etc/postgresql/10/main/postgresql.conf

Change log_line_prefix to
log_line_prefix = '%h %m [%p] %q%u@%d '

Save and restart Postgres.

Now go to Plesk's Fail2Ban Setup and create a new jail with this action:
iptables[chain="INPUT", name="PostgreSQL-Server", port="5432", protocol="tcp", returntype="RETURN", lockingopt="-w"]

Full config here:
plesk-fail2ban-postgres-jail.jpg

That'S it :)

-- Harald
 
Last edited:
Back
Top