Difference between revisions of "Fail2ban"
Revision as of 16:12, 4 January 2018
fail2ban is an in-firewall means of preventing repeated attempts at logging in to a machine. As such, it interacts with the Puppet-controlled firewall under RHEL7 and Ubuntu. Here are the things you'll need to configure to get it going.
First, install it:
# yum install fail2ban
This will likely pull in the fail2ban-firewalld package as well. We don't want its firewalld integration on a Puppet-controlled firewall, so remove the drop-in it installs:
# rm /etc/fail2ban/jail.d/00-firewalld.conf
In order to enable any jails, you'll need to set one to enabled=true. Editing jail.conf directly is considered taboo, so put the override in jail.local:
# vim /etc/fail2ban/jail.local
[sshd]
enabled=true
then when you:
# systemctl start fail2ban.service
you should see the firewall chain f2b-sshd (or fail2ban-sshd under Ubuntu) created and jumped to from INPUT. Puppet will move this around a little, but it will never put the fail2ban jump below the ACCEPT lines in INPUT, because it treats any line it does not control as having rule number 9000, so any new ACCEPT entries it adds to INPUT must have a number greater than 9000.
Don't forget to:
# systemctl enable fail2ban.service
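As an added check, not from the original page: a small shell function that reads the output of iptables -S INPUT and confirms that the jump to the fail2ban chain still sits above every ACCEPT rule, which is the ordering the Puppet behaviour above is supposed to preserve. The two rule listings are constructed samples, not captured from a real host.

```shell
#!/bin/sh
# f2b_above_accept CHAIN
# Reads `iptables -S INPUT` output on stdin (one rule per line, in chain
# order) and returns 0 if the jump to CHAIN appears before the first
# ACCEPT rule in INPUT, 1 otherwise.
f2b_above_accept() {
    chain="$1"   # f2b-sshd on RHEL7, fail2ban-sshd on Ubuntu
    awk -v chain="$chain" '
        # Only -A INPUT lines are rules; -P INPUT is the chain policy.
        /^-A INPUT / && $NF == chain  && !seen_accept { found = 1 }
        /^-A INPUT / && $NF == "ACCEPT"               { seen_accept = 1 }
        END { if (found) exit 0; exit 1 }
    '
}

# Constructed sample: the sshd jail chain is linked above the ACCEPT rules,
# so a banned address hits the f2b-sshd chain first and is dropped there.
GOOD_INPUT='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample of the failure mode: the jump has ended up below an
# ACCEPT for port 22, so banned addresses are accepted before fail2ban sees them.
BAD_INPUT='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd'

# Wrappers exercising both samples; on a live host you would instead run
#   iptables -S INPUT | f2b_above_accept f2b-sshd
check_good() { printf '%s\n' "$GOOD_INPUT" | f2b_above_accept f2b-sshd; }
check_bad()  { printf '%s\n' "$BAD_INPUT"  | f2b_above_accept f2b-sshd; }
```

Run it after a Puppet run (or from a cron job) and alert on a non-zero exit, since a silently reordered INPUT chain leaves the jail active but ineffective.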