Fail2ban installation 24.04LTS: Difference between revisions
Jump to navigation
Jump to search
(Created page with "OK lets bolt down a bit against brute force SSH attacks from the internet idiots, before we go any further. <pre> sudo apt-get install fail2ban sudo service fail2ban stop </pre> The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit this file in-place, but rather copy it so that we can make our changes safely. We need to c...") |
No edit summary |
||
(4 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
<pre> | <pre> | ||
sudo apt | sudo apt install fail2ban | ||
sudo service | sudo systemctl stop fail2ban.service | ||
</pre> | </pre> | ||
The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. | The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. | ||
Since this file can be modified by package upgrades, we should not edit this file in-place | Since this file can be modified by package upgrades, we should not edit this file in-place. | ||
We need to | We need to create a local customisation file: | ||
nano /etc/fail2ban/jail.d/solaris.local | |||
Once the file is created, we can open it for editing | |||
We can make a few changes to make things work better. | We can make a few changes to make things work better. | ||
<pre> | <pre> | ||
[DEFAULT] | |||
ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1 | |||
bantime = 2h | |||
ignoreip = 127.0.0.1/8 | maxretry = 5 | ||
bantime = | |||
destemail = mark@scottworld.net | destemail = mark@scottworld.net | ||
sender = root@scottworld.net | |||
action = %(action_mwl)s | |||
[recidive] | |||
enabled = true | |||
[postfix] | |||
enabled = true | |||
[apache-auth] | |||
enabled = true | |||
</pre> | </pre> | ||
Restart fail2ban service | Restart fail2ban service | ||
service fail2ban | systemctl restart fail2ban.service | ||
Check everything is good with... | |||
fail2ban-client status | |||
To find a specific ban | |||
fail2ban-client status <named of the jail> | |||
To remove a ban | |||
fail2ban-client unban <ip> |
Latest revision as of 17:45, 18 March 2024
OK lets bolt down a bit against brute force SSH attacks from the internet idiots, before we go any further.
sudo apt install fail2ban sudo systemctl stop fail2ban.service
The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit this file in-place.
We need to create a local customisation file:
nano /etc/fail2ban/jail.d/solaris.local
Once the file is created, we can open it for editing We can make a few changes to make things work better.
[DEFAULT] ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1 bantime = 2h maxretry = 5 destemail = mark@scottworld.net sender = root@scottworld.net action = %(action_mwl)s [recidive] enabled = true [postfix] enabled = true [apache-auth] enabled = true
Restart fail2ban service
systemctl restart fail2ban.service
Check everything is good with...
fail2ban-client status
To find a specific ban
fail2ban-client status <named of the jail>
To remove a ban
fail2ban-client unban <ip>