Fail2ban: diferència entre les revisions
Cap resum de modificació |
|||
| Línia 1: | Línia 1: | ||
==Commands== | |||
To see the list of jails active: | |||
fail2ban-client status | |||
To see the status of a jail and if it banned any IP: | |||
fail2ban-client status sshd | |||
==Install common== | ==Install common== | ||
After installing fail2ban configure: | After installing fail2ban configure: | ||
Revisió del 01:23, 1 abr 2016
Commands
To see the list of jails active:
fail2ban-client status
To see the status of a jail and if it banned any IP:
fail2ban-client status sshd
Install common
After installing fail2ban configure:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local vi /etc/fail2ban/jail.local
Add: "enable=true" under each of the services installed. SSH, Apache, Nginx, Vsftp, etc.
Also add the ,23 besides the ssh port for the ssh. See section below.
Restart the service,
systemctl start fail2ban
if it does not restart see the reason:
fail2ban-client -v -v start^
Install Fail2ban on Ubuntu
apt-get install fail2ban sudo service fail2ban restart sudo update-rc.d fail2ban enable
Install Fail2ban on CentOS/Fedora
Instead of installing with yum install fail2ban, use:
yum install fail2ban-server fail2ban-systemd systemctl enable fail2ban systemctl restart fail2ban
The packet fail2ban also installs the Firewalld, which blocks by default all traffic after restarting the server.
Info: http://pkgs.org/centos-7/puias-unsupported-x86_64/fail2ban-server-0.9.2-1.sdl7.noarch.rpm.html
Enable mail
yum install fail2ban-sendmail
Fail2ban when ssh in telnet port
This are no failures in sense of authentication (because login does not take place).
But if you will that yet, just copy /etc/fail2ban/filter.d/sshd.conf into /etc/fail2ban/filter.d/sshd.local and add following to the failregex:
^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
Add the ,23 besides the ssh port in the /etc/fail2ban/jail.local
[sshd] port = ssh,23