Fail2ban installation

From Scottworld

OK, let's bolt things down a bit against brute-force SSH attacks from the internet idiots before we go any further.

sudo apt-get install fail2ban
sudo service fail2ban stop

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit it in place, but rather copy it so that we can make our changes safely.

We need to copy this to a file called jail.local for fail2ban to find it:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Once the file is copied, we can open it for editing to see how everything works:

sudo nano /etc/fail2ban/jail.local

We can make a few changes in the [DEFAULT] section to make things work better.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator. Here I add exceptions for bans
ignoreip = 127.0.0.1/8 192.168.3.0/24

# "bantime" is the number of seconds that a host is banned (604800 = 7 days).
bantime  = 604800

# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = mark@scottworld.net

#
# Name of the sender for mta actions
sender = root@scottworld.net

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mwl)s

Restart the fail2ban service:

sudo service fail2ban restart
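
With a week-long bantime, a mistake in ignoreip can lock you out of your own box, so it is worth checking which addresses the list really covers. The Python check below is an added example, not part of the original page: the config text is a constructed excerpt using this page's values, and 192.168.3.25 and 203.0.113.7 are made-up sample addresses.

```python
import configparser
import ipaddress

# Constructed excerpt: the [DEFAULT] values shown on this page.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.3.0/24
bantime  = 604800
action = %(action_mwl)s
"""

def load_defaults(text):
    """Return the [DEFAULT] options as a dict of raw strings."""
    # interpolation=None keeps %(action_mwl)s literal; fail2ban expands it itself.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return dict(cp.defaults())

def parse_ignoreip(value):
    """Split an ignoreip value into (networks, hostnames)."""
    networks, hostnames = [], []
    for token in value.split():
        try:
            # strict=False accepts entries with host bits set, e.g. 127.0.0.1/8.
            networks.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            hostnames.append(token)  # DNS name: listed, but not resolved here
    return networks, hostnames

def is_exempt(addr, networks):
    """True if addr falls inside any ignoreip network (so it is never banned)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def audit(text, admin_addrs):
    """Summarise the ban length and which admin addresses are exempt from bans."""
    opts = load_defaults(text)
    networks, hostnames = parse_ignoreip(opts.get("ignoreip", ""))
    return {
        "bantime_days": int(opts["bantime"]) / 86400,
        "exempt": {a: is_exempt(a, networks) for a in admin_addrs},
        "unresolved_hosts": hostnames,
    }

if __name__ == "__main__":
    # 192.168.3.25 and 203.0.113.7 are made-up sample addresses.
    for key, val in audit(SAMPLE_JAIL_LOCAL, ["192.168.3.25", "203.0.113.7"]).items():
        print(key, val)
```

Any address reported as not exempt will be banned for the full bantime after enough failed logins, including your own.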