Fail2ban installation

From ScottWiki

OK, let's bolt down a bit against brute-force SSH attacks from the internet idiots before we go any further.

sudo apt-get install fail2ban
sudo service fail2ban stop

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit this file in-place, but rather copy it so that we can make our changes safely.

We need to copy this to a file called jail.local for fail2ban to find it:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Once the file is copied, we can open it for editing to see how everything works:

sudo nano /etc/fail2ban/jail.local

We can make a few changes to make things work better.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator. Here I add exceptions for bans
ignoreip = 127.0.0.1/8 192.168.3.0/24

# "bantime" is the number of seconds that a host is banned.
bantime  = 604800

# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = mark@scottworld.net

#
# Name of the sender for mta actions
sender = root@scottworld.net

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mwl)s

Restart the fail2ban service:

sudo service fail2ban restart
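
To sanity-check the values set above (which addresses ignoreip really exempts, and how long bantime is), the following added example, which is not part of the original page or of fail2ban itself, parses a jail.local-style [DEFAULT] section. The sample text and all function names are constructed for illustration; DNS host entries in ignoreip are listed but not resolved.

```python
import configparser
import ipaddress

# Constructed sample: the settings from this page as they would sit in jail.local.
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.3.0/24
bantime  = 604800
action = %(action_mwl)s
"""

def load_defaults(text):
    """Return the [DEFAULT] options of a jail.local-style file as a dict."""
    # interpolation=None leaves %(action_mwl)s untouched; that shortcut is
    # defined elsewhere in the real file, not in this constructed sample.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return dict(parser.defaults())

def ignore_networks(defaults):
    """Split ignoreip into (networks, dns_names)."""
    nets, hosts = [], []
    for entry in defaults.get("ignoreip", "").split():
        try:
            # strict=False accepts host bits under the mask, e.g. 127.0.0.1/8
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hosts.append(entry)  # neither an address nor a CIDR: a DNS host
    return nets, hosts

def is_exempt(defaults, address):
    """True if address falls inside any ignoreip network."""
    ip = ipaddress.ip_address(address)
    nets, _ = ignore_networks(defaults)
    return any(ip in net for net in nets)

def bantime_days(defaults):
    """bantime is given in seconds on this page; convert it to days."""
    return int(defaults["bantime"]) / 86400

if __name__ == "__main__":
    d = load_defaults(SAMPLE_JAIL_LOCAL)
    print("ban length in days:", bantime_days(d))
    for addr in ("192.168.3.40", "192.168.4.40", "203.0.113.9"):
        print(addr, "exempt" if is_exempt(d, addr) else "can be banned")
```

Point load_defaults at the contents of /etc/fail2ban/jail.local to confirm that your own management address is covered by ignoreip before enabling a week-long ban.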