Differences

This shows you the differences between two versions of the page.

--- fail2ban [2009/06/18 08:34]
k2patel
+++ fail2ban [2020/08/10 02:35]
@@ Line 1: / Line 1: @@
-====== Fail2Ban ======
-Nice - Lightweight - Protection to linux box
-You can do more than expected with this utility.\\
-Here i am using SSH and FTP setting to protect my bandwidth from script kidies.
-==== Installation ====
-Fail2ban is written in Python, thus no compilation is required. You can even run Fail2ban without installing it.\\
-Following is the installation procedure for the centOS.
-<code bash>
-yum install fail2ban
-</code>
-Enable fail2ban during system startup. and start it
-<code bash>
-chkconfig --levels 235 fail2ban on
-/etc/init.d/fail2ban start
-</code>
-==== Configuration ====
-Configuration file is named as jail.conf located at "/etc/fail2ban" \\
-Following Options you might consider to setup before proceed.
-<code text>
-ignoreip - you might be consider setting your known ip in this section
-bantime - time specified here is in seconds
-maxretry - ban after any ip cross this limit.
-filter - specify filter file e.g. /etc/fail2ban/filter.d
-action - specify action file e.g. /etc/fail2ban/action.d
-logpath - where fail2ban look for log
-</code>
-Sample Config file
-<code bash | /etc/fail2ban/jail.conf >
-# Fail2Ban configuration file
-#
-# Author: Cyril Jaquier
-#
-# $Revision: 617 $
-#
-# The DEFAULT allows a global definition of the options. They can be override
-# in each jail afterwards.
-[DEFAULT]
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
-# ban a host which matches an address in this list. Several addresses can be
-# defined using space separator.
-ignoreip = 127.0.0.1 192.168.1.4
-# "bantime" is the number of seconds that a host is banned.
-bantime  = 600
-# A host is banned if it has generated "maxretry" during the last "findtime"
-# seconds.
-findtime  = 600
-# "maxretry" is the number of failures before a host get banned.
-maxretry = 3
-# "backend" specifies the backend used to get files modification. Available
-# options are "gamin", "polling" and "auto". This option can be overridden in
-# each jail too (use "gamin" for a jail and "polling" for another).
-#
-# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
-#          is not installed, Fail2ban will use polling.
-# polling: uses a polling algorithm which does not require external libraries.
-# auto:    will choose Gamin if available and polling otherwise.
-backend = auto
-[ssh-iptables]
-enabled  = true
-filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
-           sendmail-whois[name=SSH, dest=receiver@lithiumfox.com, sender=notify@lithiumfox.com]
-logpath  = /var/log/secure
-maxretry = 5
-[proftpd-iptables]
-enabled  = true
-filter   = proftpd
-action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
-           sendmail-whois[name=ProFTPD, dest=receiver@lithiumfox.com]
-logpath  = /var/log/secure
-maxretry = 6
-[sasl-iptables]
-enabled  = true
-filter   = sasl
-backend  = polling
-action   = iptables[name=sasl, port=smtp, protocol=tcp]
-           sendmail-whois[name=sasl, dest=receiver@lithiumfox.com]
-logpath  = /var/log/maillog
-[apache-tcpwrapper]
-enabled  = true
-filter   = apache-auth
-action   = hostsdeny
-logpath  = /var/log/httpd/*error_log
-maxretry = 6
-[postfix-tcpwrapper]
-enabled  = true
-filter   = postfix
-action   = hostsdeny
-           sendmail[name=Postfix, dest=receiver@lithiumfox.com]
-logpath  = /var/log/maillog
-bantime  = 300
-[courierpop3]
-enabled  = true
-port     = pop3
-filter   = courierlogin
-action   = iptables[name=%(__name__)s, port=%(port)s]
-logpath  = /var/log/maillog
-maxretry = 5
-[courierimap]
-enabled  = true
-port     = imap2
-filter   = courierlogin
-action   = iptables[name=%(__name__)s, port=%(port)s]
-logpath  = /var/log/maillog
-maxretry = 5
-[ssh-tcpwrapper]
-enabled     = false
-filter      = sshd
-action      = hostsdeny
-              sendmail-whois[name=SSH, dest=you@mail.com]
-ignoreregex = for myuser from
-logpath     = /var/log/secure
-[vsftpd-notification]
-enabled  = false
-filter   = vsftpd
-action   = sendmail-whois[name=VSFTPD, dest=you@mail.com]
-logpath  = /var/log/secure
-maxretry = 5
-bantime  = 1800
-[vsftpd-iptables]
-enabled  = false
-filter   = vsftpd
-action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
-           sendmail-whois[name=VSFTPD, dest=you@mail.com]
-logpath  = /var/log/secure
-maxretry = 5
-bantime  = 1800
-[apache-badbots]
-enabled  = false
-filter   = apache-badbots
-action   = iptables-multiport[name=BadBots, port="http,https"]
-           sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
-logpath  = /var/log/httpd/*access_log
-bantime  = 172800
-maxretry = 1
-[apache-shorewall]
-enabled  = false
-filter   = apache-noscript
-action   = shorewall
-           sendmail[name=Apache, dest=you@mail.com]
-logpath  = /var/log/httpd/error_log
-[ssh-ipfw]
-enabled  = false
-filter   = sshd
-action   = ipfw[localhost=192.168.0.1]
-           sendmail-whois[name="SSH,IPFW", dest=receiver@lithiumfox.com]
-logpath  = /var/log/secure
-ignoreip = 168.192.0.1
-[named-refused-udp]
-enabled  = false
-filter   = named-refused
-action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
-           sendmail-whois[name=Named, dest=receiver@lithiumfox.com]
-logpath  = /var/log/secure
-ignoreip = 168.192.0.1
-[named-refused-tcp]
-enabled  = false
-filter   = named-refused
-action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
-           sendmail-whois[name=Named, dest=receiver@lithiumfox.com]
-logpath  = /var/log/secure
-ignoreip = 168.192.0.1
-</code>
-Restart service now
-<code bash>
-/etc/init.d/fail2ban restart
-</code>
-==== Final Words ====
-you can check blocked ip using following command
-<code bash>
-iptables -L
-</code>
-Hope fully this will help you

Daily *Nix

User Tools

Site Tools

Differences

Page Tools