{{tag>fail2ban failtoban setup customise linux security}}
=====Fail2Ban=====
Scans log files and check for in appropriate password activities and update and uses firewall (IPTables) to restrict (stop for a period of time) these activities. So fail2ban limits incorrect authorisation attempts, thereby reducing, but not entirely eliminating associated risks and bandwidths. It is primarily used on port and associated services open to the public. DigitalOcean [[https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04|How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04]] and [[https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server|How Fail2Ban Works to Protect Services on a Linux Server]]. Also see the wiki of Fail2Ban on [[https://wiki.meurisse.org/wiki/Fail2Ban|nftables]] and Fail2ban [[https://github.com/fail2ban/fail2ban/issues/1118|Add support for nftables #1118]] and [[https://github.com/fail2ban/fail2ban/pull/1292|Add nftables actions #1292]].
*''sudo apt install fail2ban'' to install fail2ban
*''sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local'' copy the main configuration file to a local file to be modified. It is recommended not to change the main file as it is updated with the package.
*''sudo vim /etc/fail2ban/jail.local'' and adjust the following basic settings:
*''ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24''
*''bantime = 60m''
*''findtime = 60m''
*''maxretry = 4''
*then adjust each jail to be activated:
*
[postfix]
# To use another modes set filter parameter "mode" in jail.local:
enable = true
mode = more
bantime = 12h
port = smtp,465,submission
logpath = %(postfix_log)s
backend = %(postfix_backend)s
*
[postfix-sasl]
enabled = true
bantime = 12h
filter = postfix[mode=auth]
port = smtp,465,submission,imap,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s
*''sudo systemctl restart fail2ban''
*''sudo systemctl restart fail2ban'' or ''journalctl -u fail2ban -xe'' to check fail2ban start correctly
*''sudo iptables -S'' to check iptable
----
<- home_server:home_server_setup:other_services:symlinks|Prev ^ home_server:home_server_setup:other_services:index|Start page ^ home_server:home_server_setup:other_services:monit|Next ->