
Security fail2ban Linux/Ubuntu 16.04/18.04

Fail2ban is an application that blocks remote access to a machine after a configurable number of failed attempts. This helps prevent unauthorized access by third parties.

Step 1 – Installation

sudo apt update
sudo apt install fail2ban

Step 2 – Most relevant settings

After installation, fail2ban runs with the default settings.
By default, all fail2ban configuration files are in /etc/fail2ban/.

View the original configuration file:
cat /etc/fail2ban/jail.conf

This file is divided into sections marked with [].
Changes can be made in each section or only in the section DEFAULT.

Create the configuration file:
sudo nano /etc/fail2ban/jail.d/ssh.conf

With the following content:

[sshd]
findtime = 600
bantime = 3600
maxretry = 3

(bantime is in seconds)

Restart the service:
sudo systemctl restart fail2ban.service

Step 3 (Optional) – Enable Email Warnings

To enable email warnings simply:

Create a new configuration file:
sudo nano /etc/fail2ban/jail.d/default.conf

With the following content:

[DEFAULT]
destemail = omeumail@omeudominio.pt
action = %(action_mw)s

For emails to be delivered, an MTA service must be installed on the server.
If none is present, you can install sendmail:

sudo apt install sendmail
sudo sendmailconfig

[ENTER]
[ENTER]
[ENTER]

Step 4 (Optional) – Clear Banned IP

Find currently banned IPs:

sudo fail2ban-client status sshd

Clear IP with:

sudo fail2ban-client set sshd unbanip 192.168.1.2

Or remove all fail2ban history:

sudo rm /var/lib/fail2ban/fail2ban.sqlite3

VERY IMPORTANT!!

Each time you change any settings you must restart the service.

For more information there is always the Ubuntu documentation:
https://help.ubuntu.com/community/Fail2ban.

Credits: https://www.carrondo.net

Reviewed and tested by: Cristiano Costa
