This is an old revision of the document!

Systems - Media Server - Secure the Server

Various security enhancements.

Install fail2ban

Update the system:

sudo apt update && sudo apt upgrade

Install Fail2Ban

sudo apt install fail2ban

Configure Fail2Ban

The default configuration is defined in /etc/fail2ban/jail.conf.

WARNING: The default values may change with package updates, so if you want to change the settings, create a jail.local file and modify it.

/etc/fail2ban/jail.conf

# line 87 : ignore your own local IP
#ignoreself = true
 
# line 92 : possible to add ignored networks
#ignoreip = 127.0.0.1/8 ::1
 
# line 101 : number of seconds that a host is banned
# - 1m ⇒ 1 minutes
# - 1h ⇒ 1 houer
# - 1d ⇒ 1 day
# - 1mo ⇒ 1 month
# - 1y ⇒ 1 year
bantime  = 10m
 
# line 105 : A host is banned if it has generated "maxretry" during the last "findtime"
findtime  = 10m
 
# line 108 : "maxretry" is the number of failures before a host get banned
maxretry = 5
 
# line 178 : destination email address if enabling email notification
destemail = root@localhost
 
# line 181 : sender address if enabling email notification
sender = root@<fq-hostname>
 
# line 263 : default action
# - %(action_)s ⇒ ban only
# - %(action_mw)s ⇒ band and email notification (includes Whois info)
# - %(action_mwl)s ⇒ band and email notification (includes Whois info and logs)
action = %(action_)s

Create a /etc/fail2ban/jail.local file

Override the default values.

/etc/fail2ban/jail.local

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime  = 1d
findtime  = 5m
maxretry = 5
destemail = root@localhost
sender = root@mediaserver

Restart Fail2Ban

sudo systemctl restart fail2ban

Verify Fail2Ban

sudo systemctl status fail2ban

Wiki

Table of Contents