systems:media_server:secure_the_server:install_fail2ban

Differences

This shows you the differences between two versions of the page.

systems:media_server:secure_the_server:install_fail2ban [2025/05/30 19:56] peter
systems:media_server:secure_the_server:install_fail2ban [2025/05/30 21:31] (current) peter
Line 1: Line 1:
 ====== Systems - Media Server - Secure the Server - Install fail2ban ====== ====== Systems - Media Server - Secure the Server - Install fail2ban ======
  
-==== Update the system: ====+**Fail2ban** is an intrusion prevention software framework.
  
-<code bash> +  * It bans IP addresses conducting too many failed login attempts.
-sudo apt update && sudo apt upgrade +
-</code>+
  
 ---- ----
  
-==== Install Fail2Ban ====+===== Update the system: =====
  
 <code bash> <code bash>
-sudo apt install fail2ban+sudo apt update && sudo apt upgrade
 </code> </code>
  
 ---- ----
  
-==== Configure Fail2Ban ==== +===== Install Fail2Ban =====
- +
-The default configuration is defined in **/etc/fail2ban/jail.conf**. +
- +
-<WRAP important> +
-**WARNING:** The default values ​​may change with package updates, so if you want to change the settings, create a **jail.local** file and modify it. +
-</WRAP> +
- +
-Here are salient lines from the default configuration: +
- +
-<file bash /etc/fail2ban/jail.conf> +
-# line 87 : ignore your own local IP +
-#ignoreself = true +
- +
-# line 92 : possible to add ignored networks +
-#ignoreip = 127.0.0.1/8 ::1 +
- +
-# line 101 : number of seconds that a host is banned +
-# - 1m ⇒ 1 minutes +
-# - 1h ⇒ 1 houer +
-# - 1d ⇒ 1 day +
-# - 1mo ⇒ 1 month +
-# - 1y ⇒ 1 year +
-bantime  = 10m +
- +
-# line 105 : A host is banned if it has generated "maxretry" during the last "findtime" +
-findtime  = 10m +
- +
-# line 108 : "maxretry" is the number of failures before a host get banned +
-maxretry = 5 +
- +
-# line 178 : destination email address if enabling email notification +
-destemail = root@localhost +
- +
-# line 181 : sender address if enabling email notification +
-sender = root@<fq-hostname> +
- +
-# line 263 : default action +
-# - %(action_)s ⇒ ban only +
-# - %(action_mw)s ⇒ band and email notification (includes Whois info) +
-# - %(action_mwl)s ⇒ band and email notification (includes Whois info and logs) +
-action = %(action_)s +
-</file> +
- +
----- +
- +
-==== Override the default values ==== +
- +
-As root, create a **/etc/fail2ban/jail.local** file. +
- +
-<file bash /etc/fail2ban/jail.local> +
-[DEFAULT] +
-ignoreip = 127.0.0.1/8 ::1 +
-bantime  = 1d +
-findtime  = 5m +
-maxretry = 5 +
-destemail = root@localhost +
-sender = root@mediaserver +
-</file> +
- +
----- +
- +
-==== Restart Fail2Ban ====+
  
 <code bash> <code bash>
-sudo systemctl restart fail2ban+sudo apt install fail2ban
 </code> </code>
  
 ---- ----
- 
-==== Verify Fail2Ban ==== 
- 
-<code bash> 
-sudo systemctl status fail2ban 
-</code> 
- 
-returns: 
- 
-<code> 
-fail2ban.service - Fail2Ban Service 
-     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled) 
-     Active: active (running) since Fri 2025-05-30 19:38:01 UTC; 6s ago 
-       Docs: man:fail2ban(1) 
-   Main PID: 3108 (fail2ban-server) 
-      Tasks: 5 (limit: 154383) 
-     Memory: 18.8M (peak: 19.8M) 
-        CPU: 110ms 
-     CGroup: /system.slice/fail2ban.service 
-             └─3108 /usr/bin/python3 /usr/bin/fail2ban-server -xf start 
- 
-May 30 19:38:01 mediaserver systemd[1]: Started fail2ban.service - Fail2Ban Service. 
-May 30 19:38:02 mediaserver fail2ban-server[3108]: 2025-05-30 19:38:02,022 fail2ban.configreader   [3108]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto' 
-May 30 19:38:02 mediaserver fail2ban-server[3108]: Server ready 
-</code> 
- 
----- 
- 
-==== Check the fail2ban status ==== 
- 
-<code bash> 
-sudo fail2ban-client status  
-</code> 
- 
-returns: 
- 
-<code> 
-Status 
-|- Number of jail: 1 
-`- Jail list: sshd 
-</code> 
  
 <WRAP info> <WRAP info>
-**NOTE:**  By default, only the SSH service is enabled and monitored. +**NOTE:**  For now, only the sshd service is monitored.
-</WRAP>+
  
----- +  * See [[Ubuntu:Fail2Ban|Fail2Ban]] for optionally monitoring other services.
- +
-==== Check the fail2ban status of the sshd service ==== +
- +
-<code bash> +
-sudo fail2ban-client status sshd +
-</code> +
- +
-returns: +
- +
-<code> +
-Status for the jail: sshd +
-|- Filter +
-|  |- Currently failed: 0 +
-|  |- Total failed: 0 +
-|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd +
-`- Actions +
-   |- Currently banned: +
-   |- Total banned: 0 +
-   `- Banned IP list:  +
-</code> +
- +
-<WRAP info> +
-**NOTE:**  Once actual banning starts, the totals and the Banned IP list will get updated. +
- +
-The actual ban action is controlled by nftables. +
- +
-  * Check the nft status with: <code bash> +
-sudo nft list ruleset +
-</code>+
  
 </WRAP> </WRAP>
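
Review bot: After this hunk the page ends its procedure at `sudo apt install fail2ban` with no step that confirms the sshd jail is running, because the removed "Verify Fail2Ban" and "Check the fail2ban status" sections are dropped with the rest. Suggest keeping one check beside the new NOTE that says only sshd is monitored, for example `sudo fail2ban-client status sshd`. The removed jail.local override (`bantime = 1d`, `findtime = 5m`) and the warning to create jail.local instead of editing jail.conf also disappear, so a server built from this page alone keeps the defaults quoted in the removed lines (`bantime = 10m`); confirm the linked Ubuntu:Fail2Ban page carries those settings and say in the NOTE that configuration lives there.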
Line 167: Line 32:
 ---- ----
  
-==== To manually add banned hosts ====+===== References =====
  
-<code bash> +[[Ubuntu:Fail2Ban|Fail2Ban]]
-sudo fail2ban-client set sshd banip 1.2.3.4/28  +
-</code> +
- +
-<WRAP info> +
-**NOTE:**  This will ban IP 1.2.3.4/28. +
-</WRAP> +
- +
----- +
- +
-==== To manually add banned hosts ==== +
- +
-<code bash> +
-sudo fail2ban-client set sshd unbanip 1.2.3.4. +
-</code> +
- +
-<WRAP info> +
-**NOTE:**  This will unban IP 1.2.3.4. +
-</WRAP> +
- +
-----+
  
  
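
Review bot: The new References section repeats the same [[Ubuntu:Fail2Ban|Fail2Ban]] link that the NOTE in the previous hunk already gives, while the removed `sudo fail2ban-client set sshd unbanip` command is the one an administrator needs after being locked out by a ban. Suggest keeping a one-line pointer to the unban procedure here, or confirming that the linked page has it. If the removed text is moved there, its second heading should name the unban case instead of repeating "To manually add banned hosts", and the trailing period in `unbanip 1.2.3.4.` should be dropped.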
systems/media_server/secure_the_server/install_fail2ban.1748634996.txt.gz · Last modified: 2025/05/30 19:56 by peter