LINUX > Installing Fail2ban on Ubuntu 14.04
INSTALLATION
Installing Fail2ban is very simple; just run:
sudo apt-get update
sudo apt-get install fail2ban
CONFIGURATION
Duplicate the default Fail2ban configuration file and work on a local copy. To create the local copy (jail.local), just run:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Make all your changes and additions in the jail.local file:
sudo vim /etc/fail2ban/jail.local
The [DEFAULT] section:
ignoreip: only 127.0.0.1 is whitelisted; you should also add your VPS and local IP addresses to the ignoreip line.
example:
ignoreip = 127.0.0.1 122.122.122.0/24 23.23.23.23
bantime: the ban time (in seconds). You can use a negative number for a permanent ban.
maxretry: the number of failures before an IP gets banned.
destemail: the email address to which the alerts will be sent. You should put your own email address here.
action: if you want to receive alerts with a whois report and the relevant log lines, change it to:
action = %(action_mwl)s
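The sketch below is an added example, not part of the original page and not Fail2ban's own code: a simplified Python model of how ignoreip and maxretry together decide which addresses get banned, run over constructed auth.log lines. The regex is a stand-in for the sshd filter, the 203.0.113.x and 198.51.100.x addresses are constructed, and the findtime window that Fail2ban also applies is left out.

```python
import ipaddress
import re
from collections import Counter

# Simplified stand-in for one sshd failregex; the real filter in
# /etc/fail2ban/filter.d/sshd.conf covers many more message formats.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\S+) port \d+ ssh2$"
)

def parse_ignoreip(value):
    """Turn a space-separated ignoreip value into network objects."""
    return [ipaddress.ip_network(item, strict=False) for item in value.split()]

def find_bans(lines, ignoreip, maxretry):
    """Return the IPs, in ban order, that reach maxretry failures."""
    whitelist = parse_ignoreip(ignoreip)
    failures = Counter()
    banned = []
    for line in lines:
        match = FAILED.search(line)
        if not match:
            continue  # successful logins and unrelated lines are not failures
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # host field is not an IP literal; this model skips it
        if any(addr in net for net in whitelist):
            continue  # whitelisted sources are never counted
        failures[addr] += 1
        if failures[addr] == maxretry:
            banned.append(str(addr))
    return banned

# Constructed auth.log lines; 122.122.122.45 falls inside the whitelisted /24.
SAMPLE_LOG = [
    "Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40101 ssh2",
    "Mar  3 10:00:05 host sshd[1002]: Failed password for deploy from 122.122.122.45 port 50101 ssh2",
    "Mar  3 10:00:09 host sshd[1003]: Failed password for root from 203.0.113.7 port 40102 ssh2",
    "Mar  3 10:00:12 host sshd[1004]: Failed password for deploy from 122.122.122.45 port 50102 ssh2",
    "Mar  3 10:00:15 host sshd[1005]: Failed password for deploy from 122.122.122.45 port 50103 ssh2",
    "Mar  3 10:00:20 host sshd[1006]: Failed password for invalid user admin from 198.51.100.9 port 60101 ssh2",
    "Mar  3 10:00:24 host sshd[1007]: Accepted password for deploy from 122.122.122.45 port 50104 ssh2",
    "Mar  3 10:00:30 host sshd[1008]: Failed password for invalid user test from 203.0.113.7 port 40103 ssh2",
]

IGNOREIP = "127.0.0.1 122.122.122.0/24 23.23.23.23"  # the page's example value
print(find_bans(SAMPLE_LOG, IGNOREIP, maxretry=3))
```

With only 127.0.0.1 in ignoreip, the same log would also ban 122.122.122.45 after its third mistyped password, which is why your own addresses belong on that line.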
JAILS
Jails are the rules that Fail2Ban applies to a given service; each one is a combination of a filter and an action.
By default only the ssh jail is enabled. You can enable additional jails according to your needs by changing
enabled = false
to
enabled = true
Finally restart the Fail2Ban service so that the changes take effect.
sudo /etc/init.d/fail2ban restart
Tweak Filters
If you want to tweak the existing filters or add some new filters, you can find them in the /etc/fail2ban/filter.d/ directory.
For example, if you want to edit the Fail2Ban filter for the OpenSSH service, open and edit the following file:
sudo vim /etc/fail2ban/filter.d/sshd.conf
Do not forget to restart the Fail2Ban service after you make changes to the configuration files.