Difference between revisions of "Fail2ban"

From LUG

Latest revision as of 10:28, 11 January 2021

fail2ban watches log files for repeated failed login attempts and bans the offending source addresses by inserting firewall rules. As such, it interacts with the Puppet-controlled firewall under RHEL7 and Ubuntu. Here are the things you'll need to configure to get it going.

First, install it (on RHEL7 the package comes from EPEL):

# yum install fail2ban

On RHEL7 this will likely pull in the fail2ban-firewalld package, whose drop-in switches the ban action to the firewallcmd-* actions. We don't want this, because the firewall here is Puppet-managed iptables, so

# rm /etc/fail2ban/jail.d/00-firewalld.conf

The file belongs to fail2ban-firewalld and can reappear on a package update; setting banaction explicitly in jail.local, which fail2ban reads after jail.d/*.conf, guards against that.

In order to enable any jails, you'll need to set one to enabled=true. jail.conf is replaced on upgrades, so editing anything besides jail.local is considered taboo; do this:

# vim /etc/fail2ban/jail.local

[sshd]
enabled=true

Then, when you:

# systemctl start fail2ban.service

You should see the iptables chain f2b-sshd (or fail2ban-sshd under Ubuntu) created, with a jump to it from INPUT. Puppet will shuffle INPUT around a little, but it will never put the fail2ban jump below the ACCEPT lines in that chain: the firewall module treats any rule it does not manage as having order number 9000, so any new ACCEPT entries for INPUT must be given a number greater than 9000 to stay below the jump.

Don't forget to:

# systemctl enable fail2ban.service
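The script below is an added example, not from the LUG page and not fail2ban's own code. It writes a fuller jail.local than the two-line one above (pinning banaction so a returning 00-firewalld.conf cannot override it) and adds three checks for the finished setup: the firewalld drop-in is gone, the [sshd] jail is enabled, and in the output of iptables -S INPUT the jump to the fail2ban chain sits above the first ACCEPT for tcp/22, which is the ordering the page says Puppet preserves. The chain names f2b-sshd and fail2ban-sshd come from the page; the "NNN ..." rule comments, the 192.0.2.0/24 admin range and the sample iptables output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the LUG page or from fail2ban itself.
# Assumptions: the jail chain is f2b-sshd (RHEL7) or fail2ban-sshd
# (Ubuntu); Puppet-managed rules carry "NNN ..." comments as
# puppetlabs-firewall writes them; 192.0.2.0/24 is a placeholder range.

# Write a jail.local that enables sshd and pins the iptables ban action.
# fail2ban reads jail.conf, jail.d/*.conf, jail.local, jail.d/*.local in
# that order, so banaction set here wins even if 00-firewalld.conf comes
# back on a package update.  Pass a scratch path to try it out.
write_jail_local() {
    cat > "$1" <<'EOF'
[DEFAULT]
# Never ban the management range (placeholder, adjust to your network).
ignoreip = 127.0.0.1/8 192.0.2.0/24
bantime  = 3600
findtime = 600
maxretry = 5
# Plain iptables chains, keeping fail2ban out of firewalld's way.
banaction = iptables-multiport

[sshd]
enabled = true
EOF
}

# True when the firewalld drop-in has been removed.
firewalld_dropin_absent() {
    [ ! -e "${1:-/etc/fail2ban/jail.d/00-firewalld.conf}" ]
}

# True when the [sshd] section of the given jail file has enabled = true.
sshd_jail_enabled() {
    awk '
        /^\[/ { insshd = ($0 == "[sshd]") }
        insshd && /^[[:space:]]*enabled[[:space:]]*=[[:space:]]*true/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Given a file holding "iptables -S INPUT" output, succeed when the jump
# to the fail2ban chain sits above the first ACCEPT for tcp/22.  If this
# fails, banned hosts still reach sshd because the ACCEPT matches first.
f2b_jump_before_ssh_accept() {
    awk '
        /-j (f2b|fail2ban)-sshd/ && !jump { jump = NR }
        /--dports? 22([ ,]|$)/ && /-j ACCEPT/ && !accept { accept = NR }
        END { exit ((jump && (!accept || jump < accept)) ? 0 : 1) }
    ' "$1"
}

# Constructed sample data (not captured from a real host).
SCRATCH=$(mktemp -d)
write_jail_local "$SCRATCH/jail.local"

# Good ordering: fail2ban jump first, then the Puppet-managed rules.
cat > "$SCRATCH/input.good" <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "000 accept related established" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -m comment --comment "9100 allow ssh" -j ACCEPT
-A INPUT -m comment --comment "9999 drop all" -j DROP
EOF

# Bad ordering: the ssh ACCEPT precedes the jump, so bans never match.
cat > "$SCRATCH/input.bad" <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -m comment --comment "100 allow ssh" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m comment --comment "9999 drop all" -j DROP
EOF
```

On a real host, run the checks against /etc/fail2ban/jail.local and a file produced by `iptables -S INPUT` (or `fail2ban-client status sshd` to confirm the jail is up); the ordering check is the one worth repeating after each Puppet run, because a rule numbered below 9000 is exactly what would silently bypass the bans.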

Another step one could take is to whitelist the sources of successful logins; this is described here.