Using Fail2Ban in Precinct
July 24, 2020 at 3:02 pm #2450
Mike Riforgiate
Keymaster
Fail2Ban Set Up:
SSH into your Precinct node and install Fail2Ban.
Execute the following commands:
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get install -y fail2ban
- sudo systemctl start fail2ban
- sudo systemctl enable fail2ban
The following will set up and configure your jail(s).
For All-In-One and IE/Management nodes
Execute the following commands:
- sudo nano /etc/fail2ban/jail.local
Copy the following into the newly created jail.local file:
NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is how many attempts are allowed before the IP is banned. “findtime” and “bantime” are in seconds unless followed by an “m” for minutes or an “h” for hours.
    [sshd]
    banaction_allports = iptables-allports
    enabled = true
    port = 22
    filter = sshd
    logpath = /var/log/auth.log
    bantime = 24h
    findtime = 10m
    maxretry = 3
Save the file and exit (Ctrl-O, Enter, Ctrl-X)
- sudo systemctl restart fail2ban
Verify that Fail2Ban is active and running:
- service fail2ban status
For Streamer and Data nodes
Execute the following commands:
- sudo nano /etc/fail2ban/jail.local
Copy the following into the newly created jail.local file:
NOTE: Feel free to modify “maxretry”, “findtime” and “bantime” to whatever is best for you. “maxretry” is how many attempts are allowed before the IP is banned. “findtime” and “bantime” are in seconds unless followed by an “m” for minutes or an “h” for hours.
    [sshd]
    banaction_allports = iptables-allports
    enabled = true
    port = 22
    filter = sshd
    logpath = /var/log/auth.log
    bantime = 24h
    findtime = 10m
    maxretry = 3
Save the file and exit (Ctrl-O, Enter, Ctrl-X)
- sudo systemctl restart fail2ban
Verify that Fail2Ban is active and running:
- service fail2ban status
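To see how “maxretry”, “findtime” and “bantime” from the jail above interact, the following Python sketch replays constructed auth.log lines through a sliding window. It is an added example, not part of the original post and not Fail2Ban's own code; the regex is a simplified stand-in for the real sshd filter, and the host name, IP addresses and function names are assumptions.

```python
import re
from datetime import datetime, timedelta

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600}  # a bare number means seconds

def to_seconds(value):
    """Convert a jail.local time value such as '600', '10m' or '24h' to seconds."""
    m = re.fullmatch(r"(\d+)([smh]?)", value.strip())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

# Simplified stand-in for the sshd filter (assumption): one failure pattern only.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

# Constructed sample lines in /var/log/auth.log format (documentation IP ranges).
SAMPLE = [
    "Jul 24 15:00:01 precinct sshd[901]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Jul 24 15:00:07 precinct sshd[901]: Failed password for root from 203.0.113.5 port 50122 ssh2",
    "Jul 24 15:01:30 precinct sshd[915]: Accepted password for admin from 192.0.2.10 port 40010 ssh2",
    "Jul 24 15:02:44 precinct sshd[920]: Failed password for invalid user test from 203.0.113.5 port 50188 ssh2",
    "Jul 24 15:05:00 precinct sshd[930]: Failed password for admin from 198.51.100.7 port 33100 ssh2",
    "Jul 24 15:20:00 precinct sshd[940]: Failed password for admin from 198.51.100.7 port 33102 ssh2",
    "Jul 24 15:40:00 precinct sshd[950]: Failed password for admin from 198.51.100.7 port 33104 ssh2",
]

def simulate(lines, maxretry, findtime, bantime, year=2020):
    """Return {ip: (ban_start, ban_end)}; auth.log has no year, so one is assumed."""
    window = timedelta(seconds=to_seconds(findtime))
    ban_len = timedelta(seconds=to_seconds(bantime))
    recent, bans = {}, {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and when < bans[ip][1]:
            continue  # still banned, nothing new to count
        # Keep only failures inside the findtime window, then add this one.
        hits = [t for t in recent.get(ip, []) if when - t <= window] + [when]
        recent[ip] = hits
        if len(hits) >= maxretry:
            bans[ip] = (when, when + ban_len)
            recent[ip] = []
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE, 3, "10m", "24h").items():
        print(f"{ip} banned from {start} until {end}")
```

With the values from the post, only the address that fails three times inside ten minutes is banned; the address whose failures are 15 and 20 minutes apart never fills the window, which is the trade-off to weigh when changing “findtime”.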