
Using Fail2Ban in Precinct

  • #2450
    Mike Riforgiate
    Keymaster

    Fail2Ban Set Up:

    SSH into your Precinct node and install Fail2Ban.

    Execute the following commands:

    • sudo apt-get update && sudo apt-get upgrade
    • sudo apt-get install -y fail2ban
    • sudo systemctl start fail2ban
    • sudo systemctl enable fail2ban

    The following will set up and configure your jail(s).

     

    For All-In-One and IE/Management nodes

    Execute the following commands:

    • sudo nano /etc/fail2ban/jail.local

    Copy the following into the newly created jail.local file

    NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is how many attempts will be allowed before banning the IP takes place. “findtime” and “bantime” are in seconds, unless appended by an “m” for minutes or “h” for hours.

    • [sshd]
    • banaction_allports = iptables-allports
    • enabled = true
    • port = 22
    • filter = sshd
    • logpath = /var/log/auth.log
    • bantime = 24h
    • findtime = 10m
    • maxretry = 3

     

    • [apache]
    • enabled  = true
    • port     = http,https
    • filter   = apache-auth
    • logpath  = /var/log/apache*/*error.log
    • maxretry = 3
    • findtime = 600
    • bantime = 2h

     

    • [apache-overflows]
    • enabled  = true
    • port     = http,https
    • filter   = apache-overflows
    • logpath  = /var/log/apache*/*error.log
    • maxretry = 2
    • bantime = 2h

     

    • [apache-badbots]
    • enabled  = true
    • port     = http,https
    • filter   = apache-badbots
    • logpath  = /var/log/apache*/*access.log
    • maxretry = 2
    • bantime = 2h

     

    • [apache-nohome]
    • enabled  = true
    • port     = http,https
    • filter   = apache-nohome
    • logpath  = /var/log/apache*/*error.log
    • maxretry = 2
    • bantime = 2h

     

    • [php-url-fopen]
    • enabled = true
    • port    = http,https
    • filter  = php-url-fopen
    • logpath = /var/log/apache*/*access.log
    • bantime = 2h

     

    Save the file and exit (Ctrl-O, Enter, Ctrl-X)

     

    • sudo systemctl restart fail2ban

     

    Verify that Fail2Ban is active and running:

     

    • service fail2ban status

     

     

    For Streamer and Data nodes

    Execute the following commands:

    • sudo nano /etc/fail2ban/jail.local

     

    Copy the following into the newly created jail.local file

     

    NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is how many attempts will be allowed before banning the IP takes place. “findtime” and “bantime” are in seconds, unless appended by an “m” for minutes or “h” for hours.

    • [sshd]
    • banaction_allports = iptables-allports
    • enabled = true
    • port = 22
    • filter = sshd
    • logpath = /var/log/auth.log
    • bantime = 24h
    • findtime = 10m
    • maxretry = 3

     

    Save the file and exit (Ctrl-O, Enter, Ctrl-X)

     

    • sudo systemctl restart fail2ban

     

    Verify that Fail2Ban is active and running:

     

    • service fail2ban status
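
How the "maxretry", "findtime" and "bantime" values from the NOTE interact, as an added example that is not part of the original post or of Fail2Ban itself. The names `to_seconds`, `simulate` and `SAMPLE` are hypothetical, the regex is a simplified stand-in for the real sshd filter, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600}  # bare numbers are seconds
def to_seconds(value):
    """Convert a jail.local time value such as 600, 10m or 24h to seconds."""
    m = re.fullmatch(r"(\d+)([smh]?)", str(value).strip())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

# Simplified stand-in for the sshd filter (assumption): failed passwords only.
FAILED = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+")

def simulate(lines, maxretry, findtime, bantime, year=2024):
    """Return (ip, ban_start, ban_end) per ban; syslog has no year, so one is assumed."""
    window = timedelta(seconds=to_seconds(findtime))
    span = timedelta(seconds=to_seconds(bantime))
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, ts) > ts:
            continue                      # already banned at this time
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:         # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:            # ban when the count reaches maxretry
            banned_until[ip] = ts + span
            bans.append((ip, ts, ts + span))
            q.clear()
    return bans

# Constructed sample lines, not taken from a real node.
SAMPLE = [
    "Jan 10 03:00:00 node sshd[901]: Failed password for root from 198.51.100.23 port 40001 ssh2",
    "Jan 10 03:08:00 node sshd[902]: Failed password for root from 198.51.100.23 port 40002 ssh2",
    "Jan 10 03:12:00 node sshd[903]: Failed password for root from 198.51.100.23 port 40003 ssh2",
    "Jan 10 03:14:01 node sshd[904]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2",
    "Jan 10 03:14:20 node sshd[905]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2",
    "Jan 10 03:15:02 node sshd[906]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2",
    "Jan 10 03:15:30 node sshd[907]: Accepted password for ops from 192.0.2.10 port 52000 ssh2",
]
```

With the [sshd] values above (3, 10m, 24h) only 203.0.113.7 is banned; the slower source at 198.51.100.23 spreads its three failures over 12 minutes and stays under the threshold. On the node itself, `sudo fail2ban-client status sshd` lists the addresses the running jail has actually banned.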

     
