FAIL2BAN

  • 1. Intro

    Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

    2. Protect your Server
    When you install PlexGuide, fail2ban is installed by default. The basic settings are created directly, and the service runs with the default settings.

    This section only covers how to configure a 24H, 48H or 7D ban time for Fail2Ban and how to unban an IP.

    3. Configuration
    PLEASE be careful!!! If you ban your own IP, you must wait for the configured ban time to expire before you can reconnect to your server.


    First, create a configuration file for Fail2ban. This file doesn’t exist by default, but Fail2ban will look for this file and read the contents if it exists:
    Code:
    touch /etc/fail2ban/jail.local
    Run the following command to open the file for editing:
    Code:
    nano /etc/fail2ban/jail.local
    Paste in the following contents, and save the file (CTRL + X then Y):
    Code:
    [DEFAULT]
    ignoreip = 127.0.0.1/8 ::1
    bantime = 86400
    findtime = 600
    maxretry = 5

    [sshd]
    enabled = true
    These rules ban an IP address for 24 hours (bantime = 86400) if it makes 5 mistakes (maxretry = 5) within 10 minutes (findtime = 600). Finally, we enabled the jail for sshd.
    Feel free to change this to suit your needs. See the example ban times below:
    Code:
    For 48H:
    bantime = 172800
    For 7D:
    bantime = 604800
    Now that we have created a configuration to use, restart Fail2ban so that our new rules are read and utilized:
    Code:
    service fail2ban restart
    We will also double check to make sure Fail2ban is running after the restart:
    Code:
    service fail2ban status
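
A simplified model of how the settings above interact, added here as an example (it is not part of the original page and not Fail2ban's own code). It parses the jail.local shown on this page and replays constructed failed-login events to show which IPs would be banned and until when; the function names, the sample events and the exact window-boundary handling are assumptions of this sketch.

```python
import configparser
import ipaddress
from collections import defaultdict, deque

# The jail.local shown on this page, embedded so the example runs offline.
JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 86400
findtime = 600
maxretry = 5
[sshd]
enabled = true
"""

def load_jail(text, jail="sshd"):  # -> (ignore_networks, bantime, findtime, maxretry)
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    sec = cfg[jail]  # [DEFAULT] values are inherited by every jail
    nets = [ipaddress.ip_network(n, strict=False) for n in sec["ignoreip"].split()]
    return nets, sec.getint("bantime"), sec.getint("findtime"), sec.getint("maxretry")

def simulate(events, text=JAIL_LOCAL):
    """events: (unix_seconds, ip) failed logins sorted by time -> {ip: [(ban_start, ban_end)]}."""
    ignore, bantime, findtime, maxretry = load_jail(text)
    recent, banned_until, bans = defaultdict(deque), {}, defaultdict(list)
    for ts, ip in events:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ignore):
            continue  # ignoreip: never counted, never banned
        if banned_until.get(ip, 0) > ts:
            continue  # still banned: the firewall rule drops this attempt
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans[ip].append((ts, banned_until[ip]))
            window.clear()
    return dict(bans)

# Constructed sample events (documentation-range addresses), not real log data.
EVENTS = sorted(
    [(t, "203.0.113.7") for t in (0, 60, 120, 180, 240)]  # 5 failures in 4 minutes
    + [(t, "198.51.100.9") for t in (0, 200, 400, 700, 900, 1100)]  # never 5 within 600 s
    + [(t, "127.0.0.1") for t in range(0, 100, 10)]  # 10 failures, but in ignoreip
)
print(simulate(EVENTS))  # {'203.0.113.7': [(240, 86640)]}
```

Only the first address is banned: the second never reaches 5 failures inside one 10-minute window, and the loopback address is exempt through ignoreip.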
    6. Unban IPs
    Run the following command to check the status of the sshd jail, including the currently banned IPs:
    Code:
    fail2ban-client status sshd
    Finally, we will demonstrate how to remove a banned IP. This is helpful if you have clients that accidentally block themselves through incorrect password attempts. The syntax for this command is as follows:
    Code:
    fail2ban-client set <JAIL NAME> unbanip <IP ADDRESS>


    Source: https://www.liquidweb.com/kb/install-configure-fail2ban-ubuntu-server-16-04/