Select Page

Welcome Forums

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • #2447
    Mike RiforgiateMike Riforgiate
    Keymaster

    Fail2Ban Set Up:

    SSH into your Precinct node and install Fail2Ban.

    Execute the following commands:

    • sudo apt-get update && sudo apt-get upgrade
    • sudo apt-get install -y fail2ban
    • sudo systemctl start fail2ban
    • sudo systemctl enable fail2ban

    The following will set up and configure your jail(s).

    Verify whether you are running Apache or Nginx.

    Execute the following commands:

     

    For All-In-One and IE/Management nodes

    Execute the following commands:

    • sudo nano /etc/fail2ban/jail.local

    Copy the following into the newly created jail.local file

    NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is how many attempts will be allowed before banning the IP takes place. “findtime” and “bantime” are in seconds, unless appended by an “m” for minutes or “h” for hours.

    [sshd]

    banaction_allports = iptables-allports

    enabled = true

    port = 22

    filter = sshd

    logpath = /var/log/auth.log

    bantime = 24h

    findtime = 10m

    maxretry = 3

     

    [apache]

    enabled  = true

    port     = http,https

    filter   = apache-auth

    logpath  = /var/log/apache*/*error.log

    maxretry = 3

    findtime = 600

    bantime = 2h

     

    [apache-overflows]

    enabled  = true

    port     = http,https

    filter   = apache-overflows

    logpath  = /var/log/apache*/*error.log

    maxretry = 2

    bantime = 2h

     

    [apache-badbots]

    enabled  = true

    port     = http,https

    filter   = apache-badbots

    logpath  = /var/log/apache*/*error.log

    maxretry = 2

    bantime = 2h

     

    [apache-nohome]

    enabled  = true

    port     = http,https

    filter   = apache-nohome

    logpath  = /var/log/apache*/*error.log

    maxretry = 2

    bantime = 2h

     

    [php-url-fopen]

    enabled = true

    port    = http,https

    filter  = php-url-fopen

    logpath = /var/log/apache*/*access.log

    bantime = 2h

     

    Save the file and exit (Ctl-O, enter, Ctl-X)

     

    • sudo systemctl restart fail2ban

     

    Verify that Fail2Ban is active and running:

     

    • service fail2ban status

     

     

    For Streamer and Data nodes

    Execute the following commands:

     

    • sudo nano /etc/fail2ban/jail.local

     

    Copy the following into the newly created jail.local file

     

    NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is how many attempts will be allowed before banning the IP takes place. “findtime” and “bantime” are in seconds, unless appended by an “m” for minutes or “h” for hours.

     

     

    [sshd]

    banaction_allports = iptables-allports

    enabled = true

    port = 22

    filter = sshd

    logpath = /var/log/auth.log

    bantime = 24h

    findtime = 10m

    maxretry = 3

     

    Save the file and exit (Ctl-O, enter, Ctl-X)

     

    • sudo systemctl restart fail2ban

     

    Verify that Fail2Ban is active and running:

     

    • service fail2ban status

     

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.