Using Fail2Ban in Precinct
July 24, 2020 at 2:54 pm, #2447, Mike Riforgiate (Keymaster)
Fail2Ban Set Up:
SSH into your Precinct node and install Fail2Ban.
Execute the following commands:
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get install -y fail2ban
- sudo systemctl start fail2ban
- sudo systemctl enable fail2ban
The following will set up and configure your jail(s).
Verify whether you are running Apache or Nginx.
Execute the following commands:
For All-In-One and IE/Management nodes
Execute the following commands:
- sudo nano /etc/fail2ban/jail.local
Copy the following into the newly created jail.local file:
NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is the number of attempts allowed before the IP is banned. “findtime” and “bantime” are in seconds unless followed by an “m” for minutes or “h” for hours.
```ini
[sshd]
banaction_allports = iptables-allports
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
bantime = 24h
findtime = 10m
maxretry = 3

[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 3
findtime = 600
bantime = 2h

[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 2
bantime = 2h

[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
# apache-badbots matches User-Agent strings, which Apache writes to the access log
logpath = /var/log/apache*/*access.log
maxretry = 2
bantime = 2h

[apache-nohome]
enabled = true
port = http,https
filter = apache-nohome
logpath = /var/log/apache*/*error.log
maxretry = 2
bantime = 2h

[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /var/log/apache*/*access.log
bantime = 2h
```
Save the file and exit (Ctrl-O, Enter, Ctrl-X)
- sudo systemctl restart fail2ban
Verify that Fail2Ban is active and running:
- service fail2ban status
For Streamer and Data nodes
Execute the following commands:
- sudo nano /etc/fail2ban/jail.local
Copy the following into the newly created jail.local file:
NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is the number of attempts allowed before the IP is banned. “findtime” and “bantime” are in seconds unless followed by an “m” for minutes or “h” for hours.
```ini
[sshd]
banaction_allports = iptables-allports
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
bantime = 24h
findtime = 10m
maxretry = 3
```
Save the file and exit (Ctrl-O, Enter, Ctrl-X)
- sudo systemctl restart fail2ban
Verify that Fail2Ban is active and running:
- service fail2ban status
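A pre-restart check for the jail.local files above, as an added example that is not part of the original post: it lists every enabled jail whose logpath matches no readable file, which is what happens if the All-In-One configuration is pasted onto a node that has no Apache logs. The function names and the demo data are constructed for illustration, and the parser assumes single-line logpath values as used above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-restart check for jail.local.
trim() {  # strip leading and trailing whitespace
    local s="$1"
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# Print "<jail> <logpath>" for each section that sets "enabled = true" and a logpath.
enabled_jails() {
    local line key val jail="" on=0 path=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case $line in
            '['*']')   # new section: report the previous one if it qualified
                if [ "$on" = 1 ] && [ -n "$path" ]; then printf '%s %s\n' "$jail" "$path"; fi
                jail=${line#\[}; jail=${jail%\]}; on=0; path="" ;;
            '#'*|';'*) ;;   # comment line
            *=*)
                key=$(trim "${line%%=*}"); val=$(trim "${line#*=}")
                if [ "$key" = enabled ]; then if [ "$val" = true ]; then on=1; else on=0; fi; fi
                if [ "$key" = logpath ]; then path=$val; fi ;;
        esac
    done < "$1"
    if [ "$on" = 1 ] && [ -n "$path" ]; then printf '%s %s\n' "$jail" "$path"; fi
}

# Print every enabled jail whose logpath glob matches no readable file.
jails_without_logs() {
    enabled_jails "$1" | while read -r jail path; do
        found=0
        for f in $path; do            # unquoted on purpose so the glob expands
            if [ -r "$f" ]; then found=1; break; fi
        done
        if [ "$found" = 0 ]; then printf '%s\n' "$jail"; fi
    done
}

# Constructed sample: a node with auth.log but no Apache log directory.
demo() {
    local d; d=$(mktemp -d)
    : > "$d/auth.log"
    printf '%s\n' '[sshd]' 'enabled = true' "logpath = $d/auth.log" \
        '[apache]' 'enabled = true' "logpath = $d/apache*/*error.log" \
        '[apache-badbots]' 'enabled = false' "logpath = $d/apache*/*access.log" > "$d/jail.local"
    jails_without_logs "$d/jail.local"
    rm -rf "$d"
}
```

Source the file and run `jails_without_logs /etc/fail2ban/jail.local` before restarting the service; empty output means every enabled jail has at least one log file to watch.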