====== Using Fail2Ban on Linux ======

===== Install Fail2Ban =====

Use your package manager of choice to install fail2ban. In my case, since I'm using Ubuntu:

<code bash>
sudo apt install fail2ban
</code>

===== Configure Fail2Ban =====

There are two main configuration files in Fail2Ban:

  * /etc/fail2ban/fail2ban.conf
This is the configuration file for the operational settings of the Fail2Ban daemon. Settings like log level, log file, socket and PID file are defined here.

  * /etc/fail2ban/jail.conf
This is the file where you can configure things like the default ban time, the number of retries before banning an IP, whitelisted IPs, mail sending information, etc.

Start by creating a local copy of the files with:

<code bash>
cd /etc/fail2ban && sudo cp jail.conf jail.local && sudo cp fail2ban.conf fail2ban.local
</code>

Edit the files as needed. The recommendation is to leave the .conf files alone and change only the .local files, because the .local files override the .conf files and are not replaced by package upgrades.

==== A Recommendation ====

jail.local

<code bash>
[DEFAULT]
bantime  = 30m
# Set findtime for an entire day
findtime = 24h
maxretry = 5
</code>

fail2ban.local

===== Enable Fail2Ban =====

Start the service with:

<code bash>
sudo systemctl start fail2ban
</code>

If you don't receive any errors, set it to start automatically at boot with:

<code bash>
sudo systemctl enable fail2ban
</code>

===== Log and Management =====

You can **check the log** with:

<code bash>
sudo cat /var/log/fail2ban.log
</code>

See **banned IPs** with:

<code bash>
sudo fail2ban-client status <jail-name>
</code>

**Unban** an IP with:

<code bash>
sudo fail2ban-client set <jail-name> unbanip <ip-address>
</code>

Add a **Whitelist IP** with:

<code bash>
sudo fail2ban-client set <jail-name> addignoreip <ip-address>
</code>

engineering/computer_science/linux/hardening/linux_fail2ban.txt Last modified: 2024/08/16 13:56 by carlossousa
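How bantime, findtime and maxretry from the recommendation above interact, as an added example that is not part of the original page and not Fail2Ban's own code. It is a simplified model (a source is banned once maxretry failures fall inside findtime) run over constructed sshd-style log lines, comparing a findtime of 24 minutes with one of 24 hours; the log format, function names and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# Constructed line format: "<ISO timestamp> <host> sshd[pid]: Failed password ... from <ip> port ..."
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def seconds(value):
    """Convert a time such as '30m' or '24h' to seconds (subset of Fail2Ban's syntax)."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def simulate(lines, bantime, findtime, maxretry):
    """Return [(ip, ban_start, ban_end)] for time-ordered log lines."""
    window = timedelta(seconds=seconds(findtime))
    ban_for = timedelta(seconds=seconds(bantime))
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue  # still banned: the firewall rule would drop this traffic
        q = failures[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned_until[ip] = ts + ban_for
            bans.append((ip, ts, ts + ban_for))
            q.clear()
    return bans

def sample_log():
    """Constructed input: one source failing every 10 s, one failing every 10 min."""
    start = datetime(2024, 1, 1, 10, 0, 0)
    fmt = "{} host sshd[811]: Failed password for root from {} port 40000 ssh2"
    fast = [fmt.format((start + timedelta(seconds=10 * i)).isoformat(), "203.0.113.7") for i in range(5)]
    slow = [fmt.format((start + timedelta(minutes=10 * i)).isoformat(), "198.51.100.9") for i in range(6)]
    return sorted(fast + slow)

if __name__ == "__main__":
    for ft in ("24m", "24h"):
        print(ft, [(ip, t.time().isoformat()) for ip, t, _ in simulate(sample_log(), "30m", ft, 5)])
```

With the 24-minute window only the fast source reaches maxretry; with the 24-hour window the slow source is banned on its fifth failure as well.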