Fail2Ban

Fail2Ban (Site)


Intro

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.


Protect your Server

When you install PTSguide, fail2ban is installed by default. The basic settings are created right away, and the service runs with default settings.

This section only tells you a little more about “fail2ban” and some settings for optimizing your “fail2ban-service”.


Ban bad IPs 24h

PLEASE be careful!!! If you ban your IP, you must wait 24h to rejoin the server.

Only for EXPERTS

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Please ONLY change the “bantime”, “findtime” & “maxretry” or you risk bricking your server.

Short description:

bantime = how long an IP stays banned

findtime = the time window in which failures from an IP are counted in the log

maxretry = maximum retries before banning the IP

Below are the edits for a 24h ban:

# "bantime" is the number of seconds that a host is banned (86400 s = 24 h).
bantime  = 86400

# A host is banned if it has generated "maxretry" during the last "findtime" seconds (36000 s = 10 h).
findtime  = 36000

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

  4. CTRL + X ( then Y )
  5. /etc/init.d/fail2ban restart
  6. cd /var/log/
  7. tail -f fail2ban.log

Ban bad IPs 48h

PLEASE be careful!!! If you ban your IP, you must wait 48h to rejoin the server.

Only for EXPERTS

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Please ONLY change the “bantime”, “findtime” & “maxretry” or you risk bricking your server.

# "bantime" is the number of seconds that a host is banned (172800 s = 48 h).
bantime  = 172800

# A host is banned if it has generated "maxretry" during the last "findtime" seconds (86400 s = 24 h).
findtime  = 86400

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

  4. CTRL + X ( then Y )
  5. /etc/init.d/fail2ban restart
  6. cd /var/log/
  7. tail -f fail2ban.log

Ban bad IPs 7D

PLEASE be careful!!! If you ban your IP, you must wait 7 days to rejoin the server.

Only for EXPERTS

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Please ONLY change the “bantime”, “findtime” & “maxretry” or you risk bricking your server.

# "bantime" is the number of seconds that a host is banned (604800 s = 7 days).
bantime  = 604800

# A host is banned if it has generated "maxretry" during the last "findtime" seconds (172800 s = 48 h).
findtime  = 172800

# "maxretry" is the number of failures before a host gets banned.
maxretry = 2

  4. CTRL + X ( then Y )
  5. /etc/init.d/fail2ban restart
  6. cd /var/log/
  7. tail -f fail2ban.log
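
To check what the bantime and findtime values set in the sections above really amount to: jail.conf(5) documents that time values may be written as plain seconds or with a unit abbreviation (600 is the same as 10m), so a stray suffix changes the ban length considerably. The script below is an added example, not part of the original guide or of fail2ban; its function names are hypothetical and it handles only the suffixes s, m, h, d and w.

```shell
#!/bin/sh
# Added example: show what the bantime/findtime values in a jail.conf-style
# file really amount to. Handles plain seconds and the one-letter suffixes
# s, m, h, d, w only (a subset of what fail2ban itself accepts).

to_seconds() {                      # to_seconds VALUE -> seconds on stdout
    val=$1
    case $val in ''|*[!0-9smhdw]*) return 1 ;; esac
    num=${val%[smhdw]}              # strip one trailing unit letter, if any
    case $num in ''|*[!0-9]*) return 1 ;; esac
    case $val in
        *m) mult=60 ;;
        *h) mult=3600 ;;
        *d) mult=86400 ;;
        *w) mult=604800 ;;
        *)  mult=1 ;;               # bare number or "s": seconds
    esac
    echo $((num * mult))
}

humanize() {                        # humanize SECONDS -> "Nd Nh Nm Ns"
    printf '%dd %dh %dm %ds\n' $(($1/86400)) $(($1%86400/3600)) \
        $(($1%3600/60)) $(($1%60))
}

get_setting() {                     # get_setting KEY FILE -> first uncommented value
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p" "$2" |
        head -n 1
}

report() {                          # report FILE
    for key in bantime findtime; do
        raw=$(get_setting "$key" "$1")
        if secs=$(to_seconds "$raw"); then
            echo "$key = $raw -> $secs s ($(humanize "$secs"))"
        else
            echo "$key = '$raw' not understood"
        fi
    done
}

# Constructed sample (not a real jail.conf): one value carries a stray "m".
sample=$(mktemp)
printf '[DEFAULT]\nbantime  = 86400m\nfindtime = 36000\nmaxretry = 3\n' > "$sample"
report "$sample"                    # bantime comes out as 60 days, not 24 h
rm -f "$sample"
```

Run `report /etc/fail2ban/jail.conf` after editing to see the values the file actually sets; only the first uncommented occurrence of each key is read, which is a simplification.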

Unban IPs

With Fail2Ban v0.8.8 and later:

fail2ban-client set sshd unbanip IPADDRESSHERE

  1. log in over a secondary IP ( not the banned IP )
  2. fail2ban-client status ( normally PTSguide uses this one: sshd )
  3. cat /var/log/fail2ban.log
  4. find the IP → right side are
  5. copy the IP if you want to unban it !!! ( at your own risk )
  6. fail2ban-client set sshd unbanip IPADDRESSHERE
  7. try to log in !
  8. if it failed
  9. go back to step 2.)
  10. be careful which IP you want to UNBAN !!
