4 privesc fail2ban
fox@fail:~$ id
uid=1000(fox) gid=1001(fox) groups=1001(fox),1000(fail2ban)
# Fail2Ban is an IPS framework that protects computer servers from brute-force attacks.
Using https://grumpygeekwrites.wordpress.com/2021/01/29/privilege-escalation-via-fail2ban/
# log file location; can't read it (owned by root:adm, mode 640, and fox is not in the adm group)
fox@fail:~$ ls -la /var/log/fail2ban.log
-rw-r----- 1 root adm 127311 Aug 23 22:31 /var/log/fail2ban.log
fox@fail:~$ ls -la /etc/fail2ban/
[truncated]
drwxrwxr-x 2 root fail2ban 4096 Dec 3 2020 action.d
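# /etc/fail2ban/action.d is WRITABLE by the fail2ban group (drwxrwxr-x, root:fail2ban)
# fox is part of the fail2ban group (see the id output above)
# Why this matters: the files in action.d define the commands fail2ban runs when it bans a host, and the service normally runs as root, so group write access here crosses a privilege boundary.
# Hardening: action.d and the files in it should be owned by root:root and not be group- or world-writable (directory mode 755); membership of the fail2ban group should be reviewed.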