From LUG
Revision as of 10:28, 11 January 2021 by Haars001 (talk | contribs)

fail2ban watches log files for repeated failed login attempts and bans the offending source addresses by inserting firewall rules. As such, it interacts with the Puppet-controlled firewall under RHEL7 and Ubuntu. Here are the things you'll need to configure to get it going.

First, install it:

# yum install fail2ban

On RHEL7 this will likely pull in the fail2ban-firewalld package, whose drop-in /etc/fail2ban/jail.d/00-firewalld.conf switches the ban action to a firewalld-based one. The firewall here is Puppet-managed iptables, not firewalld, so we don't want this:

# rm /etc/fail2ban/jail.d/00-firewalld.conf

Note that a package update can bring the drop-in back; removing the fail2ban-firewalld package, or setting banaction = iptables-multiport under [DEFAULT] in jail.local (which is read after jail.d/*.conf and therefore wins), is the more durable fix.

No jail is active until you set enabled = true on it. jail.conf is replaced on package upgrade, so editing anything besides jail.local is considered taboo. Create or edit it:

# vim /etc/fail2ban/jail.local

and add a section for the jail you want (for ssh, [sshd] with enabled = true under it).
Then when you:

# systemctl start fail2ban.service

you should see the chain f2b-sshd (fail2ban-sshd under Ubuntu) created and a jump to it inserted in INPUT; check with iptables -L INPUT --line-numbers or iptables -S INPUT. Puppet will move this around a little, but it will never put the fail2ban jump below the ACCEPT lines in this chain, because it treats any rule it does not manage as having order number 9000, and any new ACCEPT entry on INPUT must be given a number greater than 9000. An ACCEPT rule numbered below 9000 would be placed above the fail2ban jump, so keep to that convention.

Don't forget to:

# systemctl enable fail2ban.service
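The whole procedure above, with the jail.local content spelled out and a check that the fail2ban jump really sits above the ACCEPT rules in INPUT, as an added shell example that is not from this page or from the fail2ban project. It assumes RHEL7 with iptables rather than firewalld, that fail2ban is already installed, and that the live steps run as root; the bantime/findtime/maxretry values and the iptables -S INPUT sample output are constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the LUG page or the fail2ban project.
# Assumes RHEL7 with iptables (not firewalld) and fail2ban already installed.
set -e

# 1. Write the jail.local override. jail.conf is replaced on package upgrade,
#    so local changes belong here. Values are illustrative (assumption).
write_jail_local() {
    cat > "$1" <<'EOF'
[DEFAULT]
# Puppet manages iptables, so keep the iptables ban action rather than firewalld.
banaction = iptables-multiport
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
EOF
}

# 2. Check ordering in the text of `iptables -S INPUT`: the jump to the
#    fail2ban chain (f2b-sshd on RHEL7, fail2ban-sshd on Ubuntu) must come
#    before the first ACCEPT, otherwise banned hosts are accepted before
#    fail2ban's chain is ever consulted. Prints the rule numbers; returns 1
#    if the chain is missing or sits below an ACCEPT.
check_chain_order() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT/ { n++ }
        /^-A INPUT .*-j (f2b-sshd|fail2ban-sshd)/ && !f2b { f2b = n }
        /^-A INPUT .*-j ACCEPT/ && !acc { acc = n }
        END {
            if (!f2b) { print "fail2ban chain not linked to INPUT"; exit 1 }
            if (acc && acc < f2b) {
                print "fail2ban jump at rule " f2b " is below first ACCEPT at rule " acc
                exit 1
            }
            print "fail2ban jump at rule " f2b " precedes the ACCEPT rules"
            exit 0
        }'
}

# Constructed sample output (not from a real host): how INPUT might look once
# Puppet and fail2ban have both written rules, in the right and wrong order.
SAMPLE_OK='-P INPUT DROP
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m comment --comment "000 accept related established" -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "9100 allow ssh" -j ACCEPT'

SAMPLE_BAD='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "100 allow ssh" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd'

# 3. Live steps, run only as root on a host with fail2ban installed so the
#    file is also safe to run elsewhere for the ordering check alone.
if [ "$(id -u)" -eq 0 ] && command -v fail2ban-client >/dev/null 2>&1; then
    rm -f /etc/fail2ban/jail.d/00-firewalld.conf
    write_jail_local /etc/fail2ban/jail.local
    systemctl start fail2ban.service
    systemctl enable fail2ban.service
    fail2ban-client status sshd
    check_chain_order "$(iptables -S INPUT)"
fi
```

Run the check again after a Puppet run: the sample with the ACCEPT numbered 100 shows what happens when a rule is added below the 9000 convention, and the checker reports it.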

Another step one could take is to whitelist the source addresses of successful logins; this is described here.