Fail2ban – Hostry Help Center https://help.hostry.com Full information on how to use HOSTRY, provided by 24/7 community based support Wed, 23 Feb 2022 11:08:08 +0000 en-US hourly 1 https://wordpress.org/?v=5.9.12 https://help.hostry.com/wp-content/uploads/cache/2021/01/cropped-apple-icon-180x180-1/836712163.png Fail2ban – Hostry Help Center https://help.hostry.com 32 32 How to Configure and Properly Set Up Fail2ban on Debian 11 https://help.hostry.com/knowledge-base/how-to-configure-and-properly-set-up-fail2ban-on-debian-11/ https://help.hostry.com/knowledge-base/how-to-configure-and-properly-set-up-fail2ban-on-debian-11/#comments Wed, 23 Feb 2022 11:08:08 +0000 https://help.hostry.com/?post_type=ht_kb&p=4742 Fail2Ban is a great and very useful tool that scans log files (eg /var/log/apache/error_log ) and blocks IP addresses that show signs of malware – too many bad passwords, search for exploits and others. This article will focus on a Linux server running on Debian 11.

Preliminary Actions

First you need to update your server. To do this, enter a simple command:

apt update && upgrade

It is worth noting that the installation is not difficult, since Fail2Ban is already included in the repositories of your Debian 11. Installation is easy, just enter the command:

apt install fail2ban

After you set it up, please check. The verification step is extremely important for making future adjustments:

systemctl status fail2ban

If Fail2ban is not running on your instance, you need to run it. This can be done with the following command:

systemctl start fail2ban

Next, move on to configuring Fail2ban. This is necessary for proper launch. Enter the following command:

systemctl enable fail2ban

Configuring Fail2Ban

If the first installation step was successfully completed and verified, then you can proceed to the Fail2ban configuration. Fail2ban is installed bundled with a default configuration file. This file contains configurable settings in Fail2ban. The file location is as follows:

/etc/fail2ban/jail.conf

The file contains settings known as filters for configuring Fail2ban. This tool also has many options in its configuration file. These options can be useful for specific scripts and services that work with each other on your Linux machine.

  • The bantime value is the exact time during which the malicious IP is blocked
  • The maxretry value – The number of times the user will try to login. If the limit is exceeded, the IP address is blocked.
  • The ignoreip value is the networks you trust. All networks you enter here will bypass Fai2Ban filtering.
  • The enable value allows Fail2ban to confirm whether you want this jail to be enabled or disabled.

Next is to talk about jails. It has an individual customization option. Jails can increase the security of your Linux computer in many ways. You can add different filters to your server services. The first step is to create the jail.local configuration file. You can do it like this:

touch /etc/fail2ban/jail.local

Open jail.local in a text editor of your choice.

nano /etc/fail2ban/jail.local.

After the clarifications above have been provided regarding hail conf. you will be able to apply this directly to the configuration.

enabled = true
port = ssh
bantime = 10h
maxretry = 12
ignoreip = Any_IP

[apache-badbots]
enabled = true
port = http,https, smtp...
bantime = 72h
maxretry = 3

[squid]
enabled = false
port = 80,443,25, 1234...
]]> https://help.hostry.com/knowledge-base/how-to-configure-and-properly-set-up-fail2ban-on-debian-11/feed/ 457 How To Install And Configure Fail2ban Under CentOS https://help.hostry.com/knowledge-base/how-to-install-and-configure-fail2ban-under-centos/ https://help.hostry.com/knowledge-base/how-to-install-and-configure-fail2ban-under-centos/#respond Tue, 20 Aug 2019 13:39:20 +0000 https://help.hostry.com/?post_type=ht_kb&p=527 Fail2ban – a service that can greatly “cool the ardor” of bots continuously trying to find a password for your server.

Install fail2ban packages from the epel repository

If the epel package is not installed, enter the commands

user @ localhost: ~ $ sudo yum -y install epel-release

Afrer install fail2ban itself

user @ localhost: ~ $ sudo yum -y install fail2ban

Activate sshd protection in fai2ban settings

Open the file /etc/fail2ban/jail.conf for editing, in the first lines we find the lines

# [sshd] # enabled = true

Then delete the first characters ‘#’, it should work

[sshd]

enabled = true

Restart the service

user@localhost:~$ sudo systemctl restart fail2ban

Check the general status

user@localhost:~$ sudo fail2ban-client status

You should be see something like

Status
|- Number of jail: 1
`- Jail list: sshd

user@localhost:~$ sudo fail2ban-client status sshd

Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 15
| - Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd - Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:

Do not check how the blocking works from the same IP from which you are already connected via SSH and configure fail2ban, you may lose connection for a long time).

We try to enter the wrong password 4 times to our host from any IP (for example, from 11.12.13.14). If everything works correctly for 5-6 times an unsuccessful login, the password will no longer be requested and the connection will be refused

user@localhost:~$ sudo fail2ban-client status sshd

Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 20
| - Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd - Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 11.12.13.14

If you want to remove any IP address from the block list, you can enter the command

user@localhost:~$ sudo fail2ban-client set sshd unbanip <IP>

]]> https://help.hostry.com/knowledge-base/how-to-install-and-configure-fail2ban-under-centos/feed/ 0