picatz / goldengirl

✨ All that shimmers is gold!
MIT License

fail2ban configuration #6

Open picatz opened 6 years ago

picatz commented 6 years ago

We have fail2ban installed -- but not configured.

malwaremily commented 6 years ago

some stuff?

create a local jail

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

edit jail file

echo "ignoreip = 10.0.2.15/24" >> /etc/fail2ban/jail.local
echo "bantime = 300" >> /etc/fail2ban/jail.local
echo "findtime = 600" >> /etc/fail2ban/jail.local
echo "logpath = /var/log/secure" >> /etc/fail2ban/jail.local

add SSH jail

touch /etc/fail2ban/jail.d/sshd.local

edit SSH jail

echo "[sshd]" >> /etc/fail2ban/jail.d/sshd.local
echo "enabled = true" >> /etc/fail2ban/jail.d/sshd.local
# if port is not 22 then change ssh to port number
echo "port = ssh" >> /etc/fail2ban/jail.d/sshd.local
echo "#action = firewallcmd-ipset" >> /etc/fail2ban/jail.d/sshd.local
echo "logpath = %(sshd_log)s" >> /etc/fail2ban/jail.d/sshd.local
echo "maxretry = 5" >> /etc/fail2ban/jail.d/sshd.local
echo "bantime = 600" >> /etc/fail2ban/jail.d/sshd.local

restart service

service fail2ban restart
fail2ban-client reload

run fail2ban service

systemctl enable fail2ban
systemctl start fail2ban

track failed login entries

cat /var/log/secure | grep 'Failed password'
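
An added sketch, not code from this thread or from fail2ban: it applies the `maxretry = 5`, `findtime = 600` and `ignoreip = 10.0.2.15/24` values from the comment above to "Failed password" lines in `/var/log/secure` format, to show which source addresses such a jail would act on. The regex is a simplified stand-in for fail2ban's sshd filter, and the log lines and the names `would_ban`, `_fail` and `SAMPLE` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Jail values from the comment above.
MAXRETRY = 5
FINDTIME = 600  # seconds
# Host bits are set in "10.0.2.15/24"; treated here as the 10.0.2.0/24 network.
IGNOREIP = ipaddress.ip_network("10.0.2.15/24", strict=False)

# Simplified stand-in for the sshd filter: password failures only.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def would_ban(lines, year=2024):
    """Map each source IP to the time its MAXRETRY-th failure fell inside FINDTIME.
    Syslog timestamps carry no year, so the caller supplies one."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an IP literal
        if ip in IGNOREIP or str(ip) in banned:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[str(ip)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # drop failures older than findtime
        if len(window) >= MAXRETRY:
            banned[str(ip)] = ts
    return banned

# Constructed sample in /var/log/secure format (not real log data).
def _fail(hms, ip, user="root"):
    return f"Mar  3 {hms} gg sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"

SAMPLE = (
    [_fail(f"10:00:0{i}", "203.0.113.7") for i in range(5)]  # 5 failures in 5 s
    + [_fail(f"10:0{i}:30", "192.0.2.44", "invalid user admin") for i in range(4)]
    + [_fail("10:20:30", "192.0.2.44")]  # 5th failure, but outside findtime
    + [_fail(f"10:30:0{i}", "10.0.2.2") for i in range(6)]  # inside ignoreip
)
```

`would_ban(SAMPLE)` reports only 203.0.113.7: the 192.0.2.44 failures are spread wider than `findtime`, and 10.0.2.2 falls inside `ignoreip`.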

malwaremily commented 6 years ago

to investigate further

External command that will take an tagged arguments to ignore, e.g. ,

and return true if the IP is to be ignored. False otherwise.

ignorecommand = /path/to/command

ignorecommand =

malwaremily commented 6 years ago

Sources/Docs:

https://www.howtoforge.com/tutorial/how-to-install-fail2ban-on-centos/#configure-settings-for-failban