Differences

This shows you the differences between two versions of the page.

home_server:home_server_setup:other_services:fail2ban [2019-12-08 Sun wk49 15:10] baumkp
home_server:home_server_setup:other_services:fail2ban [2023-04-30 Sun wk17 17:43] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +{{tag>fail2ban failtoban setup customise linux security}}
 =====Fail2Ban===== =====Fail2Ban=====
  
-Scans log files and check for in appropriate password activities and update and uses firewall (IPTables) to restrict (stop for a period of time) these activities. So failtoban limits incorrect authorisation attempts, thereby reducing, but not entirely eliminating associated risks and bandwidths. It is primarily used on port and associated services open to the public. DigitalOcean [[https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04|How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04]] and [[https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server|How Fail2Ban Works to Protect Services on a Linux Server]]. Also see the wiki of Fail2Ban on [[https://wiki.meurisse.org/wiki/Fail2Ban|nftables]] and Fail2ban [[https://github.com/fail2ban/fail2ban/issues/1118|Add support for nftables #1118]] and [[https://github.com/fail2ban/fail2ban/pull/1292|Add nftables actions #1292]].+Scans log files and check for in appropriate password activities and update and uses firewall (IPTables) to restrict (stop for a period of time) these activities. So fail2ban limits incorrect authorisation attempts, thereby reducing, but not entirely eliminating associated risks and bandwidths. It is primarily used on port and associated services open to the public. DigitalOcean [[https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04|How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04]] and [[https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server|How Fail2Ban Works to Protect Services on a Linux Server]]. Also see the wiki of Fail2Ban on [[https://wiki.meurisse.org/wiki/Fail2Ban|nftables]] and Fail2ban [[https://github.com/fail2ban/fail2ban/issues/1118|Add support for nftables #1118]] and [[https://github.com/fail2ban/fail2ban/pull/1292|Add nftables actions #1292]]. 
 +  *''sudo apt install fail2ban'' to install fail2ban 
 +  *''sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local'' copy the main configuration file to a local file to be modified.  It is recommended not to change the main file as it is updated with the package. 
 +  *''sudo vim /etc/fail2ban/jail.local'' and adjust the following basic settings: 
 +    *''ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24'' 
 +    *''bantime  = 60m'' 
 +    *''findtime  = 60m'' 
 +    *''maxretry = 4'' 
 +  *then adjust each jail to be activated: 
 +    *<code postfix> 
 +[postfix] 
 +# To use another modes set filter parameter "mode" in jail.local: 
 +enable  = true 
 +mode    = more 
 +bantime = 12h 
 +port    = smtp,465,submission 
 +logpath = %(postfix_log)s 
 +backend = %(postfix_backend)s </code> 
 +    *<code> 
 +[postfix-sasl] 
 +enabled  = true 
 +bantime  = 12h 
 +filter   = postfix[mode=auth] 
 +port     = smtp,465,submission,imap,imaps,pop3,pop3s 
 +# You might consider monitoring /var/log/mail.warn instead if you are 
 +# running postfix since it would provide the same log lines at the 
 +# "warn" level but overall at the smaller filesize. 
 +logpath  = %(postfix_log)s 
 +backend  = %(postfix_backend)s</code> 
 +  *''sudo systemctl restart fail2ban'' 
 +  *''sudo systemctl restart fail2ban'' or ''journalctl -u fail2ban -xe'' to check fail2ban start correctly 
 +  *''sudo iptables -S'' to check iptable 
  
-===Home Server Index=== +----
-++++Home Server Index|<pagelist&header> +
-*[[home_server:home_server_setup:summary]] +
-*[[home_server:home_server_setup:home_it_setup]] +
-*[[home_server:home_server_setup:Network_setup]] +
-*[[home_server:home_server_setup:kvm]] +
-*[[home_server:home_server_setup:vnc_setup]] +
-*[[home_server:home_server_setup:disk_check]] +
-*[[home_server:home_server_setup:other_services]] +
-</pagelist>+++++
  
-===Home Server Other Index=== 
-++++Home Server Other Index|<pagelist&header> 
-*[[home_server:home_server_setup:other_services:index]] 
-*[[home_server:home_server_setup:other_services:timedate]] 
-*[[home_server:home_server_setup:other_services:aptcache]] 
-*[[home_server:home_server_setup:other_services:swap]] 
-*[[home_server:home_server_setup:other_services:bash]] 
-*[[home_server:home_server_setup:other_services:vim]] 
-*[[home_server:home_server_setup:other_services:symlinks]] 
-*[[home_server:home_server_setup:other_services:fail2ban]] 
-*[[home_server:home_server_setup:other_services:monit]] 
-*[[home_server:home_server_setup:other_services:tripwire]] 
-*[[home_server:home_server_setup:other_services:misc]] 
-</pagelist>++++ 
  
 <- home_server:home_server_setup:other_services:symlinks|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:monit|Next -> <- home_server:home_server_setup:other_services:symlinks|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:monit|Next ->
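
Review bot: The added [postfix] jail spells its activation key ''enable  = true'', while the [postfix-sasl] jail right after it uses ''enabled  = true''. fail2ban reads ''enabled'', so as written the [postfix] jail is not switched on by this block; change the line to ''enabled = true''. In the same added list, ''sudo systemctl restart fail2ban'' appears twice, and the second occurrence is described as a check that fail2ban started correctly, which reads as if ''sudo systemctl status fail2ban'' was intended. The two jail blocks also open differently (''<code postfix>'' versus ''<code>''), and the comment "To use another modes set filter parameter" would read better as "To use another mode, set the filter parameter".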