Fail2ban installation: Difference between revisions
Latest revision as of 17:17, 15 December 2022
OK, let's bolt things down a bit against brute-force SSH attacks from the internet idiots before we go any further.
sudo apt-get install fail2ban
sudo service fail2ban stop
The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit this file in-place, but rather copy it so that we can make our changes safely.
We need to copy this to a file called jail.local for fail2ban to find it:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Once the file is copied, we can open it for editing to see how everything works:
sudo nano /etc/fail2ban/jail.local
We can make a few changes to make things work better.
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator. Here I add exceptions for bans
ignoreip = 127.0.0.1/8 192.168.3.0/24

# "bantime" is the number of seconds that a host is banned.
bantime = 604800

# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = mark@scottworld.net
#
# Name of the sender for mta actions
sender = root@scottworld.net

# Choose default action. To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mwl)s
Restart the fail2ban service:
sudo service fail2ban restart
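Before relying on the ignoreip and bantime values above, it helps to check which addresses they actually exempt and how long a ban lasts. The script below is an added example, not part of the original page or of fail2ban; it assumes bantime is given in plain seconds as on this page, and its function names and sample text are constructed for illustration.

```python
import configparser
import ipaddress
from datetime import timedelta

# Constructed sample: the [DEFAULT] overrides shown on this page.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
# exceptions for bans
ignoreip = 127.0.0.1/8 192.168.3.0/24
bantime = 604800
action = %(action_mwl)s
"""


def load_defaults(text):
    """Return (ignoreip entries, bantime as timedelta) from [DEFAULT]."""
    # interpolation=None keeps fail2ban's %(...)s references as literal text.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    defaults = cp["DEFAULT"]
    entries = defaults.get("ignoreip", "").split()
    bantime = timedelta(seconds=int(defaults.get("bantime", "0")))
    return entries, bantime


def split_ignoreip(entries):
    """Split entries into parsed networks and names that would need DNS."""
    networks, hostnames = [], []
    for entry in entries:
        try:
            # strict=False accepts host bits set, as in 127.0.0.1/8.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hostnames.append(entry)  # not an IP or CIDR: treated as a DNS host
    return networks, hostnames


def is_exempt(address, entries):
    """True if address falls inside any IP/CIDR entry of ignoreip."""
    ip = ipaddress.ip_address(address)
    networks, _ = split_ignoreip(entries)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    entries, bantime = load_defaults(SAMPLE_JAIL_LOCAL)
    print("ban length:", bantime)
    for addr in ("192.168.3.17", "192.168.4.17", "203.0.113.9"):
        print(addr, "exempt" if is_exempt(addr, entries) else "can be banned")
```

DNS host entries are reported separately by split_ignoreip rather than resolved, so the check runs offline; review those names by hand.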