Fail2ban

From Nuclear Physics Group Documentation Pages

Revision as of 15:41, 19 January 2012 by Jpicard (talk | contribs) (→‎Configuring)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

This article contains instructions on installing and configuring fail2ban and also some useful tips for administering it.

Installing

The fail2ban RPM is available from the EPEL package repository. Use the following instructions to make this package available to yum.
- Download the EPEL repository install RPM:
  RHEL 5
  RHEL 6
- Install the rpm:
  rpm -ivh epel-release-<version>.noarch.rpm
Install fail2ban via yum:
yum install fail2ban

Configuring

Edit the /etc/fail2ban/jail.conf and change the following settings.
- Change bantime to 24 hours (in seconds)
  bantime = 86400
- Change ssh-iptables jail (enabled by default) to 3 login attempts and not to send mail. An example config section is provided below.

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
#sendmail-whois[name=SSH, dest=root, sender=fail2ban@mail.com]
logpath  = /var/log/secure
maxretry = 3

Start the fail2ban service.
- /usr/bin/fail2ban-client start
- Note: Always start it from the fail2ban-client and not service because it will tell you if you have any errors in your config, whereas the service will just fail.
Set fail2ban to start at boot time.
- chkconfig fail2ban on

Unbanning

Run iptables -L and find the ip address you want to unban. Note: the chain listed in iptables is not the jail the ip is contained. Check the fail2ban config if you don't know the jail name.
Run the following commands as root.
- fail2ban-client get <jailname> actionunban <ip address>
- fail2ban-client reload

Retrieved from "https://nuclear.unh.edu/wiki/index.php?title=Fail2ban&oldid=5439"

Navigation menu