Fail2ban installation 24.04LTS: Difference between revisions

Latest revision as of 17:45, 18 March 2024

OK lets bolt down a bit against brute force SSH attacks from the internet idiots, before we go any further.

sudo apt install fail2ban
sudo systemctl stop fail2ban.service

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit this file in-place.

We need to create a local customisation file:

nano /etc/fail2ban/jail.d/solaris.local

Once the file is created, we can open it for editing We can make a few changes to make things work better.

[DEFAULT]
ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1
bantime  = 2h
maxretry = 5
destemail = mark@scottworld.net
sender = root@scottworld.net
action = %(action_mwl)s

[recidive]
enabled = true

[postfix]
enabled = true

[apache-auth]
enabled = true

Restart fail2ban service

systemctl restart fail2ban.service

Check everything is good with...

fail2ban-client status

To find a specific ban

fail2ban-client status <named of the jail>

To remove a ban

fail2ban-client unban <ip>

@@ Line 2: / Line 2: @@
 <pre>
-sudo apt-get install fail2ban
+sudo apt install fail2ban
-sudo service fail2ban stop
+sudo systemctl stop fail2ban.service
 </pre>
 The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf.
-Since this file can be modified by package upgrades, we should not edit this file in-place, but rather copy it so that we can make our changes safely.
+Since this file can be modified by package upgrades, we should not edit this file in-place.
-We need to copy this to a file called jail.local for fail2ban to find it:
+We need to create a local customisation file:
-  sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+  nano /etc/fail2ban/jail.d/solaris.local
-Once the file is copied, we can open it for editing to see how everything works:
- sudo nano /etc/fail2ban/jail.local
+Once the file is created, we can open it for editing
 We can make a few changes to make things work better.
 <pre>
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+[DEFAULT]
-# ban a host which matches an address in this list. Several addresses can be
+ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1
-# defined using space separator. Here I add exceptions for bans
+bantime  = 2h
-ignoreip = 127.0.0.1/8 192.168.3.0/24
+maxretry = 5
-# "bantime" is the number of seconds that a host is banned.
-bantime  = 604800
-# Destination email address used solely for the interpolations in
-# jail.{conf,local} configuration files.
 destemail = mark@scottworld.net
+sender = root@scottworld.net
+action = %(action_mwl)s
-#
+[recidive]
-# Name of the sender for mta actions
+enabled = true
-sender = root@scottworld.net
-# Choose default action.  To change, just override value of 'action' with the
+[postfix]
-# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
+enabled = true
-# globally (section [DEFAULT]) or per specific section
-action = %(action_mwl)s
+[apache-auth]
+enabled = true
 </pre>
 Restart fail2ban service
-  service fail2ban restart
+  systemctl restart fail2ban.service
+Check everything is good with...
+ fail2ban-client status
+To find a specific ban
+ fail2ban-client status <named of the jail>
+To remove a ban
+ fail2ban-client unban <ip>

Fail2ban installation 24.04LTS: Difference between revisions

Latest revision as of 17:45, 18 March 2024

Navigation menu

Search