Differences

This shows you the differences between two versions of the page.

--- systems:media_server:secure_the_server:install_fail2ban [2025/05/30 19:40] – peter
+++ systems:media_server:secure_the_server:install_fail2ban [2025/05/30 21:31] (current) – peter
@@ Line 1: / Line 1: @@
 ====== Systems - Media Server - Secure the Server - Install fail2ban ======
-==== Update the system: ====
+**Fail2ban** is an intrusion prevention software framework.
+  * It bans IP addresses conducting too many failed login attempts.
+----
+===== Update the system: =====
 <code bash>
@@ Line 9: / Line 15: @@
 ----
-==== Install Fail2Ban ====
+===== Install Fail2Ban =====
 <code bash>
@@ Line 17: / Line 23: @@
 ----
-==== Configure Fail2Ban ====
+<WRAP info>
+**NOTE:**  For now, only the sshd service is monitored.
-The default configuration is defined in **/etc/fail2ban/jail.conf**.
+  * See [[Ubuntu:Fail2Ban|Fail2Ban]] for optionally monitoring other services.
-<WRAP important>
-**WARNING:** The default values may change with package updates, so if you want to change the settings, create a **jail.local** file and modify it.
 </WRAP>
-Here are salient lines from the default configuration:
-<file bash /etc/fail2ban/jail.conf>
-# line 87 : ignore your own local IP
-#ignoreself = true
-# line 92 : possible to add ignored networks
-#ignoreip = 127.0.0.1/8 ::1
-# line 101 : number of seconds that a host is banned
-# - 1m ⇒ 1 minutes
-# - 1h ⇒ 1 houer
-# - 1d ⇒ 1 day
-# - 1mo ⇒ 1 month
-# - 1y ⇒ 1 year
-bantime  = 10m
-# line 105 : A host is banned if it has generated "maxretry" during the last "findtime"
-findtime  = 10m
-# line 108 : "maxretry" is the number of failures before a host get banned
-maxretry = 5
-# line 178 : destination email address if enabling email notification
-destemail = root@localhost
-# line 181 : sender address if enabling email notification
-sender = root@<fq-hostname>
-# line 263 : default action
-# - %(action_)s ⇒ ban only
-# - %(action_mw)s ⇒ band and email notification (includes Whois info)
-# - %(action_mwl)s ⇒ band and email notification (includes Whois info and logs)
-action = %(action_)s
-</file>
 ----
-==== Override the default values ====
+===== References =====
-As root, create a **/etc/fail2ban/jail.local** file.
+[[Ubuntu:Fail2Ban|Fail2Ban]]
-<file bash /etc/fail2ban/jail.local>
-[DEFAULT]
-ignoreip = 127.0.0.1/8 ::1
-bantime  = 1d
-findtime  = 5m
-maxretry = 5
-destemail = root@localhost
-sender = root@mediaserver
-</file>
-----
-==== Restart Fail2Ban ====
-<code bash>
-sudo systemctl restart fail2ban
-</code>
-----
-==== Verify Fail2Ban ====
-<code bash>
-sudo systemctl status fail2ban
-</code>
-returns:
-<code>
-fail2ban.service - Fail2Ban Service
-     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
-     Active: active (running) since Fri 2025-05-30 19:38:01 UTC; 6s ago
-       Docs: man:fail2ban(1)
-   Main PID: 3108 (fail2ban-server)
-      Tasks: 5 (limit: 154383)
-     Memory: 18.8M (peak: 19.8M)
-        CPU: 110ms
-     CGroup: /system.slice/fail2ban.service
-             └─3108 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
-May 30 19:38:01 mediaserver systemd[1]: Started fail2ban.service - Fail2Ban Service.
-May 30 19:38:02 mediaserver fail2ban-server[3108]: 2025-05-30 19:38:02,022 fail2ban.configreader   [3108]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
-May 30 19:38:02 mediaserver fail2ban-server[3108]: Server ready
-</code>
-----