PGBlitz.com


Fail2Ban

Deiteq

Administrator
Project Manager
These are some settings found to perform a BanHammer on those who want to hack into your server via SSH
Reference : https://nerdily.org/2017/upgrading-fail2ban-to-a-permanent-banhammer/

On a fresh server, if you wait an hour or so, this will show you a list of IPs that have been trying to access your server :-
sudo cat /var/log/fail2ban.log

Now make a copy of jail
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit jail.local
sudo nano /etc/fail2ban/jail.local

Change host bantime from 600 to -1 for infinity (normally found around line 59)
bantime = -1

Then edit iptables
sudo nano /etc/fail2ban/action.d/iptables-multiport.conf

Find :-
Code:
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
Underneath add (just double click on it to highlight entire line for copy&paste):-
Code:
              cat /etc/fail2ban/persistent.bans | awk '/^fail2ban-<name>/ {print $2}' \
              | while read IP; do <iptables> -I f2b-<name> 1 -s $IP -j <blocktype>; done
Find :-
Code:
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
Underneath add (just double click on it to highlight entire line for copy&paste):-
Code:
            echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans

Finally restart Fail2Ban
sudo service fail2ban restart

NOTE: You can check out a guide for Ubuntu 18.04 HERE!
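
An added example, not part of the original post or of fail2ban itself: a read-only audit of the persistent.bans file that the steps above create. The file is append-only and its entries are replayed into iptables as root at startup, so this lists the unique, well-formed IPv4 entries for one jail and reports everything else. The helper name clean_bans, the jail names and the sample data are constructed for illustration, and IPv4-only entries are an assumption.

```shell
#!/bin/sh
# Read-only audit of a persistent.bans file ("fail2ban-<jail> <ip>" per line).
# Prints each valid IPv4 entry for one jail once; reports bad lines on stderr.
clean_bans() {   # $1 = path to bans file, $2 = jail name (hypothetical helper)
    awk -v tag="fail2ban-$2" '
        function valid_ipv4(ip,    n, parts, i) {
            n = split(ip, parts, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++) {
                if (parts[i] !~ /^[0-9]+$/) return 0
                if (length(parts[i]) > 3 || parts[i] + 0 > 255) return 0
            }
            return 1
        }
        $1 != tag { next }                       # entry for another jail
        NF != 2 || !valid_ipv4($2) {             # wrong field count or bad IP
            printf "skipped line %d: %s\n", NR, $0 | "cat 1>&2"
            next
        }
        !seen[$2]++ { print $2 }                 # first occurrence only
    ' "$1"
}

# Constructed sample data (documentation address ranges), not real log output.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
fail2ban-sshd 203.0.113.7
fail2ban-sshd 198.51.100.23
fail2ban-sshd 203.0.113.7
fail2ban-sshd 999.1.1.1
fail2ban-sshd 192.0.2.5 trailing-junk
fail2ban-recidive 192.0.2.99
fail2ban-sshd
EOF

clean_bans "$sample" sshd
```

On a real server the first argument would be /etc/fail2ban/persistent.bans and the second the jail name from jail.local.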
 

timetrex

Senior Member
Staff
To clarify, do you have to repeat this process of banning IPs or will this automatically update and ban the IPs from the log file?
 

Admin9705

Administrator
Project Manager
Is this automatically implemented now? I notice the newer wiki removes references to fail2ban and if I run sudo cat /var/log/fail2ban.log it does show that IPs are being banned.
fail2ban is installed generically, but the guide wasn't written by me. I have tons of other focuses (though security is important).
 
