Fail2ban

From DikapediaV2

Fail2ban - a set of server and client programs to limit brute force authentication attempts.


How to set up fail2ban for ssh:


1) Install fail2ban
2) Copy jail.conf to a new file called jail.local:

cp jail.conf jail.local

3) Configure jail.local:

  • bantime: the number of seconds that a host is banned.
  • findtime: the max amount of time to complete the login process. If they don't do it, they will be banned too.
  • maxretry: the number of failures before a host gets banned.

[sshd] section:

  • enabled = true: 'enabled' enables the jails. By default all jails are disabled, and it should stay this way. Enable only the jails relevant to your setup, in your .local or jail.d/*.conf. true enables the jail, and its log files are monitored for changes. false leaves the jail disabled.
  • logpath and backend are left at their defaults.
  • port is set to whatever port you have SSHD listening on.

logpath = %(sshd_log)s
backend = %(sshd_backend)s
port = ssh (or the port of your choice)

4) Restart fail2ban:

systemctl restart fail2ban.service




If necessary, configure /etc/ssh/sshd_config:

Port [of your choice]

Then restart the program.
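
The port in the [sshd] jail has to match the Port in /etc/ssh/sshd_config, because the ban is applied to the port named in the jail. The script below is an added example, not part of the original page: it checks that the jail is enabled and covers the sshd port. The function names and sample files are constructed for illustration, and only the first Port directive is read.

```shell
#!/bin/sh
# Added example: verify that the fail2ban [sshd] jail covers the port sshd uses.

# First Port directive in an sshd_config file; OpenSSH defaults to 22.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Last value assigned to KEY inside the [sshd] section of a jail file.
jail_value() {   # usage: jail_value FILE KEY
    awk -v key="$2" '
        /^\[/ { in_sshd = ($0 ~ /^\[sshd\]/); next }
        !in_sshd || /^[ \t]*[#;]/ || !index($0, "=") { next }
        {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) last = v
        }
        END { print last }' "$1"
}

# Returns 0 if the jail is enabled and lists sshd's port, 1 or 2 otherwise.
check_ssh_jail() {   # usage: check_ssh_jail JAIL_LOCAL SSHD_CONFIG
    enabled=$(jail_value "$1" enabled)
    sport=$(sshd_port "$2")
    # "port" may be a comma-separated list; the service name ssh means 22.
    jports=",$(jail_value "$1" port | tr -d ' '),"
    jports=$(printf '%s' "$jports" | sed 's/,ssh,/,22,/')
    if [ "$enabled" != "true" ]; then
        echo "sshd jail is not enabled"; return 1
    fi
    case "$jports" in
        *",$sport,"*) echo "ok: sshd jail enabled and covers port $sport" ;;
        *) echo "mismatch: sshd listens on $sport, jail bans on $jports"; return 2 ;;
    esac
}

# Constructed sample files (not taken from a real host): sshd was moved to
# port 2222 but the jail still says "port = ssh", so the check reports a mismatch.
demo=$(mktemp -d)
printf 'Port 2222\nPermitRootLogin no\n' > "$demo/sshd_config"
printf '[DEFAULT]\nbantime = 600\n\n[sshd]\nenabled = true\nport = ssh\n' > "$demo/jail.local"
check_ssh_jail "$demo/jail.local" "$demo/sshd_config" || echo "exit status: $?"
rm -rf "$demo"
```

Run it against the real files with check_ssh_jail /etc/fail2ban/jail.local /etc/ssh/sshd_config after sourcing the functions.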




https://docs.google.com/document/d/1PXncSD021pXuONWIAn-wUZoBu6MeysQHAwZqPRoPgJY/edit?usp=sharing