Fail2ban installation 24.04LTS

From ScottWiki
Revision as of 16:45, 18 March 2024 by Wikiadmin (talk | contribs)

OK, let's bolt things down a bit against brute-force SSH attacks from the internet idiots before we go any further.

sudo apt install fail2ban
sudo systemctl stop fail2ban.service

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Since this file can be modified by package upgrades, we should not edit this file in-place.

We need to create a local customisation file:

sudo nano /etc/fail2ban/jail.d/solaris.local

Once the file is open for editing, we can make a few changes to make things work better.

[DEFAULT]
ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1
bantime  = 2h
maxretry = 5
destemail = mark@scottworld.net
sender = root@scottworld.net
action = %(action_mwl)s

[recidive]
enabled = true

[postfix]
enabled = true

[apache-auth]
enabled = true
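
A quick way to confirm which source addresses the ignoreip line above exempts from banning, before the service is restarted. This is an added example, not part of the original page or of fail2ban itself: the function names are illustrative, the config string is a constructed copy of the file above with the mail settings left out, and hostnames in ignoreip are skipped rather than resolved.

```python
import configparser
import ipaddress
import re

# Constructed copy of the page's drop-in (mail settings left out).
JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1
bantime  = 2h
maxretry = 5
action = %(action_mwl)s

[recidive]
enabled = true

[postfix]
enabled = true

[apache-auth]
enabled = true
"""

def load(text):
    # interpolation=None: %(action_mwl)s is defined in jail.conf, not here.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg

def ignore_networks(cfg):
    """Return the ignoreip entries from [DEFAULT] as network objects."""
    nets = []
    for entry in re.split(r"[\s,]+", cfg.defaults().get("ignoreip", "").strip()):
        try:
            # strict=False accepts host bits in the prefix, as in 127.0.0.1/8.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass  # hostnames (and empty entries) are skipped in this check
    return nets

def is_ignored(cfg, addr):
    """True if addr falls inside any ignoreip network, so it is never banned."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in ignore_networks(cfg))

if __name__ == "__main__":
    cfg = load(JAIL_LOCAL)
    for a in ("10.3.7.20", "10.4.0.1", "203.0.113.9", "::1"):  # constructed samples
        print(a, "never banned" if is_ignored(cfg, a) else "can be banned")
```

Anything reported as "never banned" bypasses every jail, so the ignoreip ranges should cover only hosts you fully control.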

Restart the fail2ban service:

sudo systemctl restart fail2ban.service

Check everything is good with...

sudo fail2ban-client status

To find a specific ban

sudo fail2ban-client status <name of the jail>

To remove a ban

sudo fail2ban-client unban <ip>