Fail2ban: difference between revisions
No edit summary
Línia 7: | Línia 7: | ||
Add: "enable=true" under each of the services installed. SSH, Apache, Nginx, Vsftp, etc. | Add: "enable=true" under each of the services installed. SSH, Apache, Nginx, Vsftp, etc. | ||
Also add the ,23 besides the ssh port for the ssh. See section below. | |||
Restart the service, | |||
systemctl start fail2ban | |||
if it does not restart see the reason: | |||
fail2ban-client -v -v start^ | |||
==Install Fail2ban on Ubuntu== | ==Install Fail2ban on Ubuntu== |
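Review bot: the added step "Restart the service," is followed by "systemctl start fail2ban", which is a no-op when the unit is already running, so edits to jail.local are not picked up; use "systemctl restart fail2ban" to match the instruction. The added line "fail2ban-client -v -v start^" also ends in a stray "^" that should be dropped.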
Revision as of 01:05, 1 Apr 2016
Install common
After installing fail2ban, configure it:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local
Add "enabled = true" under each of the installed services: SSH, Apache, Nginx, Vsftp, etc.
Also add ,23 after the ssh port in the ssh jail. See the section below.
Restart the service:
systemctl restart fail2ban
If it does not restart, find out why:
fail2ban-client -v -v start
Install Fail2ban on Ubuntu
apt-get install fail2ban
sudo service fail2ban restart
sudo update-rc.d fail2ban enable
Install Fail2ban on CentOS/Fedora
Instead of installing with yum install fail2ban, use:
yum install fail2ban-server fail2ban-systemd
systemctl enable fail2ban
systemctl restart fail2ban
The fail2ban package also installs firewalld, which by default blocks all traffic after the server is restarted.
Info: http://pkgs.org/centos-7/puias-unsupported-x86_64/fail2ban-server-0.9.2-1.sdl7.noarch.rpm.html
Enable mail
yum install fail2ban-sendmail
Fail2ban when ssh is on the telnet port
These are not failures in the sense of authentication (because no login takes place).
If you want to ban them anyway, copy /etc/fail2ban/filter.d/sshd.conf to /etc/fail2ban/filter.d/sshd.local and add the following to the failregex:
^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
Add ,23 after the ssh port in /etc/fail2ban/jail.local:
[sshd]
port = ssh,23
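To check what the two failregex lines above actually count, the following added example (not part of the original page or of fail2ban) expands the placeholders and runs the expressions over constructed log lines. The HOST, PREFIX and TIMESTAMP patterns are simplified stand-ins assumed here for fail2ban's own expansions, and the helper names are hypothetical.

```python
import re
from collections import Counter

# Simplified stand-ins (assumptions): fail2ban's own <HOST> and __prefix_line
# expansions are broader (hostnames, IPv6, more syslog prefix variants).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"\s*(?:\S+ )?sshd(?:\[\d+\])?:\s+"
TIMESTAMP = re.compile(r"^\w{3}\s+\d+\s\d\d:\d\d:\d\d\s")

# The two failregex lines from this page, unchanged.
FAILREGEX = [
    r"^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$",
    r"^%(__prefix_line)sDid not receive identification string from <HOST>\s*$",
]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    r"Apr  1 01:05:12 web1 sshd[2211]: Bad protocol version identification '\377\373\037' from 203.0.113.7 port 51514",
    "Apr  1 01:05:40 web1 sshd[2214]: Did not receive identification string from 198.51.100.23",
    # Variant with a trailing port field: the second expression ends right
    # after <HOST>, so this line is not counted.
    "Apr  1 01:06:02 web1 sshd[2219]: Did not receive identification string from 198.51.100.40 port 40022",
    "Apr  1 01:06:30 web1 sshd[2225]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2",
]


def compile_failregex(pattern):
    """Expand the fail2ban placeholders into plain Python regex syntax."""
    expanded = pattern.replace("%(__prefix_line)s", PREFIX).replace("<HOST>", HOST)
    return re.compile(expanded)


def count_failures(lines, patterns=FAILREGEX):
    """Return a Counter of source address -> number of matching lines."""
    compiled = [compile_failregex(p) for p in patterns]
    hits = Counter()
    for line in lines:
        body = TIMESTAMP.sub("", line, count=1)  # fail2ban removes the date first
        for rx in compiled:
            m = rx.search(body)
            if m:
                hits[m.group("host")] += 1
                break
    return hits


if __name__ == "__main__":
    for host, n in sorted(count_failures(SAMPLE_LOG).items()):
        print(host, n)
```

On a host with fail2ban installed, the fail2ban-regex tool performs this kind of check against the real log and filter file.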