Differences
This shows you the differences between two versions of the page.
| engineering:computer_science:linux:hardening:linux_fail2ban [2024/08/16 13:56] – removed - external edit (Unknown date) 127.0.0.1 | engineering:computer_science:linux:hardening:linux_fail2ban [2024/08/16 13:56] (current) – ↷ Page moved from refractor_computer_science:linux:hardening:linux_fail2ban to engineering:computer_science:linux:hardening:linux_fail2ban carlossousa | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Using Fail2Ban on Linux ====== | ||
| + | |||
| + | ===== Install Fail2Ban ===== | ||
| + | |||
| + | Use your package manager of choice to install fail2ban. In my case, since I'm using Ubuntu: | ||
| + | |||
| + | <code bash> | ||
| + | sudo apt install fail2ban | ||
| + | |||
| + | |||
| + | </ | ||
| + | |||
| + | ===== Configure Fail2Ban ===== | ||
| + | |||
| + | There are two main configuration files in Fail2Ban: | ||
| + | |||
| + | * / | ||
| + | |||
| + | This is the configuration file for the operational settings of the Fail2Ban daemon. Settings like loglevel, log file, socket and pid file is defined here. | ||
| + | |||
| + | * / | ||
| + | |||
| + | This is the file where you can configure things like default ban time, number of reties before banning an IP, whitelisting IPs, mail sending information etc. | ||
| + | |||
| + | Start by creating a local copy of the files with: | ||
| + | |||
| + | <code bash> | ||
| + | cd / | ||
| + | cp jail.conf jail.local && | ||
| + | cp fail2ban.conf fail2ban.local | ||
| + | |||
| + | </ | ||
| + | |||
| + | Edit the files at your will. The recommendation is to leave the .conf files alone, and change only the .local files. | ||
| + | |||
| + | ==== A Recommendation ==== | ||
| + | |||
| + | jail.local | ||
| + | |||
| + | <code bash> | ||
| + | bantime = 30m | ||
| + | findtime = 24m # Set FindTime for an entire day | ||
| + | maxretry = 5 | ||
| + | |||
| + | </ | ||
| + | |||
| + | fail2ban.local | ||
| + | |||
| + | ===== Enable Fail2Ban ===== | ||
| + | |||
| + | Start the service with: | ||
| + | |||
| + | <code bash> | ||
| + | systemctl start fail2ban | ||
| + | |||
| + | </ | ||
| + | |||
| + | If you don't receive any error, set it to auto run with: | ||
| + | |||
| + | <code bash> | ||
| + | systemctl enable fail2ban | ||
| + | |||
| + | </ | ||
| + | ===== Log and Management ===== | ||
| + | |||
| + | You can **check the log** with: | ||
| + | <code bash> | ||
| + | cat / | ||
| + | |||
| + | </ | ||
| + | |||
| + | See **banned IPs** with: | ||
| + | <code bash> | ||
| + | fail2ban-client status < | ||
| + | |||
| + | </ | ||
| + | |||
| + | **Unban** an IP with: | ||
| + | <code bash> | ||
| + | fail2ban-client set < | ||
| + | |||
| + | </ | ||
| + | |||
| + | Add a **Whitelist IP** with: | ||
| + | <code bash> | ||
| + | fail2ban-client set < | ||
| + | |||
| + | </ | ||
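
Review bot: In the jail.local recommendation, "findtime = 24m" sets a 24-minute window, but its comment says "Set FindTime for an entire day". Fail2Ban reads the "m" suffix as minutes, so use "findtime = 24h" (or "1d") if a full day is intended, or correct the comment to match the value. The three settings are also shown without a section header; state that they go under [DEFAULT] or under a specific jail section, otherwise a reader pasting them at the top of the file gets a config that does not parse. The "fail2ban.local" label that closes the same section has nothing after it, so either add the recommended settings or drop the label. Minor wording in the Configure section: "number of reties" should be "retries", and "pid file is defined here" should be "are defined here".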