Difference between revisions of "Fail2ban"
Latest revision as of 10:28, 11 January 2021
fail2ban blocks repeated login attempts against a machine by inserting firewall rules. As such, it interacts with the Puppet-controlled firewall under RHEL7 and Ubuntu. Here are the things you'll need to configure to get it going.
First, install it:
# yum install fail2ban
This will likely come with the fail2ban-firewalld package. We don't want this, so
# rm /etc/fail2ban/jail.d/00-firewalld.conf
In order to enable any jails, you'll need to set one to enabled=true. Editing anything besides jail.local is considered taboo, so do this:
# vim /etc/fail2ban/jail.local
[sshd]
enabled=true
then when you:
# systemctl start fail2ban.service
You should see the firewall chain f2b-sshd (or fail2ban-sshd under Ubuntu) be created and linked to INPUT. Puppet will move this around a little, but it'll never put the fail2ban jump below the ACCEPT lines in INPUT, because it treats any rule it does not manage as having order number 9000, so any new ACCEPT entries added to INPUT must have a number greater than 9000 and land after it.
Don't forget to:
# systemctl enable fail2ban.service
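A quick check that the ordering described above actually holds on a host, as an added example that is not from this wiki page: the function reads `iptables -S INPUT` output and reports whether the jump to the fail2ban chain (f2b-sshd here, fail2ban-sshd under Ubuntu) comes before every ACCEPT rule. The two rule listings are constructed samples, not taken from a real machine.

```shell
#!/bin/sh
# Return 0 when the jump to the named chain appears in INPUT before any ACCEPT
# rule, 1 when an ACCEPT rule precedes it (bans would be bypassed for traffic
# that ACCEPT matches), 2 when INPUT does not jump to the chain at all.
# Real use: iptables -S INPUT | f2b_jump_above_accepts f2b-sshd
f2b_jump_above_accepts() {
    awk -v chain="$1" '
        # the jump fail2ban inserted: "-A INPUT ... -j <chain>"
        $1 == "-A" && $2 == "INPUT" && $0 ~ (" -j " chain "( |$)") { found = 1; exit }
        # an ACCEPT seen before the jump means the jump sits below it
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT( |$)/ { accept_before = 1 }
        END { if (!found) exit 2; if (accept_before) exit 1; exit 0 }
    '
}

# Constructed sample: the layout Puppet is expected to keep (jump above ACCEPTs).
SAMPLE_OK='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A f2b-sshd -j RETURN'

# Constructed sample: an ACCEPT for port 22 was placed above the fail2ban jump.
SAMPLE_BAD='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN'

for name in SAMPLE_OK SAMPLE_BAD; do
    eval "rules=\$$name"
    rc=0
    printf '%s\n' "$rules" | f2b_jump_above_accepts f2b-sshd || rc=$?
    case $rc in
        0) echo "$name: jump to f2b-sshd is above every ACCEPT rule" ;;
        1) echo "$name: an ACCEPT rule precedes the jump to f2b-sshd" ;;
        *) echo "$name: INPUT never jumps to f2b-sshd; is the sshd jail enabled and fail2ban running?" ;;
    esac
done
```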
Another step one could take is to whitelist successful logins; this is described on the fail2ban_whitelist page.