Installation of fail2ban
Fail2ban is an intrusion prevention framework which works together with a packet-control system or firewall installed on your server, and is commonly used to block connection attempts after a number of failed tries. It operates by monitoring log files for certain types of entries and runs predetermined actions based on its findings. Installing the fail2ban server is simple and quite easy.
Here we will show you how to install and set it up on Ubuntu and CentOS servers.
On Ubuntu:
apt-get install fail2ban
On CentOS (the fail2ban package comes from the EPEL repository, so enable that repository first):
yum install fail2ban
Once installed, copy the default jail.conf file to make a local configuration with this command (fail2ban reads jail.local on top of jail.conf, so your changes survive package upgrades):
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Then open the new local configuration file for editing with your favourite text editor, for example:
sudo vi /etc/fail2ban/jail.local
The main settings to review are:
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3
ignoreip allows you to exclude certain IP addresses (or networks) from ever being banned, so that you do not lock yourself out.
bantime determines how long, in seconds, an offending host remains blocked before it is automatically unblocked.
findtime and maxretry work together: findtime sets the time window, in seconds, and maxretry the number of failed attempts within that window, after which the connecting host IP is blocked. With the values above, three failures within ten minutes earn a one-hour ban.
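To make the interaction of ignoreip, findtime, maxretry and bantime concrete, the following Python script replays that counting logic over a few constructed sshd log lines. It is an added illustration, not code from the page or from the fail2ban project: the regular expression is a simplified version of what fail2ban's sshd filter matches, the log lines and the year used for the syslog timestamps are constructed, and the settings are the same values shown above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Settings mirroring the jail.local values above (assumed here, not read from a file).
IGNOREIP = ["127.0.0.1"]
BANTIME = 3600   # seconds a host stays banned
FINDTIME = 600   # window in which failures are counted
MAXRETRY = 3     # failures within FINDTIME that trigger a ban

# Simplified match for the "Failed password" lines sshd writes to
# /var/log/secure (CentOS) or /var/log/auth.log (Ubuntu). fail2ban's real
# filter (filter.d/sshd.conf) covers many more message variants.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log (not from a real server). 203.0.113.5 fails three
# times in two minutes, 127.0.0.1 fails three times but is in ignoreip, and
# 198.51.100.7 fails three times spread over forty minutes.
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 4242 ssh2
Jan 10 10:00:10 host sshd[1004]: Failed password for root from 127.0.0.1 port 5000 ssh2
Jan 10 10:00:11 host sshd[1005]: Failed password for root from 127.0.0.1 port 5001 ssh2
Jan 10 10:00:12 host sshd[1006]: Failed password for root from 127.0.0.1 port 5002 ssh2
Jan 10 10:00:20 host sshd[1007]: Failed password for root from 198.51.100.7 port 6000 ssh2
Jan 10 10:00:30 host sshd[1010]: Accepted password for alice from 192.0.2.9 port 7000 ssh2
Jan 10 10:01:00 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Jan 10 10:02:00 host sshd[1003]: Failed password for root from 203.0.113.5 port 4244 ssh2
Jan 10 10:20:00 host sshd[1008]: Failed password for root from 198.51.100.7 port 6001 ssh2
Jan 10 10:40:00 host sshd[1009]: Failed password for root from 198.51.100.7 port 6002 ssh2
"""


def find_bans(log_text, ignoreip=IGNOREIP, findtime=FINDTIME,
              maxretry=MAXRETRY, bantime=BANTIME, year=2018):
    """Replay the log and return {ip: (ban_start, ban_end)} for every host
    that reached maxretry failures inside a findtime window."""
    ignored = [ip_network(n) for n in ignoreip]
    attempts = defaultdict(deque)   # per-IP timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                # not a failed login: nothing to count
        ip = m.group("ip")
        # syslog timestamps carry no year; the caller supplies one (assumed 2018)
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        if any(ip_address(ip) in net for net in ignored):
            continue                # ignoreip: never counted, never banned
        if ip in bans and ts < bans[ip][1]:
            continue                # already banned: no further counting
        window = attempts[ip]
        window.append(ts)
        # drop failures older than findtime relative to this one
        while window and ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"{ip}: banned at {start:%H:%M:%S}, unbanned at {end:%H:%M:%S}")
```

Running it bans only 203.0.113.5 (at 10:02:00, released at 11:02:00): the loopback address is protected by ignoreip, and 198.51.100.7 never accumulates three failures inside a single ten-minute window, which is exactly why a slow, spread-out attempt needs a larger findtime or a smaller maxretry to be caught.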
The next section deals with the configuration for SSH.
For different services you can create custom jails.
The following shows how it is done for SSH; these lines go in the jail section for SSH in jail.local:
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=email@example.com, sender=firstname.lastname@example.org]
logpath = /var/log/secure
maxretry = 4
dest and sender are the receiver and sender addresses of the notification mail; fail2ban sends it each time this rule triggers a ban. The second action line must be indented, since it is a continuation of the action value.
Note that /var/log/secure is where CentOS logs SSH authentication; on Ubuntu the equivalent file is /var/log/auth.log, so set logpath accordingly.
If you go through the jail.local file you will see many more jail rules. Enable the ones that are appropriate for your requirements.
© 2018, Techrunnr. All rights reserved.