Fail2Ban: Difference between revisions
Revision as of 14:16, 7 February 2014
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs, such as too many password failures or probing for exploits.
installation
First, you need to install Fail2Ban. For Redhat/Fedora use yum.
yum install fail2ban
CentOS: fail2ban is not available from CentOS. It will have to be manually downloaded. You can get it from EPEL, the Fedora repository.
wget http://mirror.pnl.gov/epel//6/i386/fail2ban-0.8.11-2.el6.noarch.rpm
rpm -ih --percent fail2ban-0.8.11-2.el6.noarch.rpm
You might have some dependencies to install, like
yum install gamin-python
wget http://mirror.pnl.gov/epel//6/i386/python-inotify-0.9.1-1.el6.noarch.rpm
rpm -ih --percent python-inotify-0.9.1-1.el6.noarch.rpm
These are the two dependencies most commonly needed by CentOS users. Get them and any others that are needed, then try to install fail2ban again. Additional help is available for RPM Commands.
ALL LINUX DISTRIBUTIONS - Fail2ban is written in Python, thus no compilation is required. You can even run Fail2ban without installing it. It can always be obtained directly from http://www.fail2ban.org
installation tips
If you get the error "No package fail2ban available" on CentOS, it is because, as of this writing, CentOS doesn't provide fail2ban. There are a couple of ways to get it anyway. I recommend the rpm method mentioned above. Didn't you see it before getting this far?
configuration
parameters
Action describes the steps that fail2ban will take to ban a matching IP address. Just like the filter entry, each action refers to a file within the action.d directory. The default ban action,
/etc/fail2ban/action.d/iptables.conf
log path refers to the log location that fail2ban will track.
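How the filter, log path and action fit together, shown as an added example that is not part of the original page and is not fail2ban's own code: a filter regex is matched against each line of the tracked log, failures are counted per IP inside a time window, and the action fires when the count reaches a threshold. The regex, the sample log lines and the name find_bans are constructed for illustration; maxretry and findtime are fail2ban jail options that this page does not otherwise cover.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a filter.d failregex; fail2ban's real sshd filter is broader.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) "
)

# Constructed sample lines in the syslog style of /var/log/secure (documentation IPs).
SAMPLE_LOG = """\
Feb  7 14:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.9 port 4001 ssh2
Feb  7 14:00:03 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.9 port 4002 ssh2
Feb  7 14:00:04 web1 sshd[2103]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Feb  7 14:00:05 web1 sshd[2104]: Failed password for root from 203.0.113.9 port 4003 ssh2
Feb  7 14:01:00 web1 sshd[2105]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Feb  7 14:30:00 web1 sshd[2106]: Failed password for bob from 198.51.100.7 port 5002 ssh2
Feb  7 14:59:00 web1 sshd[2107]: Failed password for bob from 198.51.100.7 port 5003 ssh2
""".splitlines()


def find_bans(lines, maxretry=3, findtime=600, year=2014):
    """Return [(ip, time_of_ban)] for hosts with maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned, bans = set(), []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m.group("host") in banned:
            continue              # not a failure line, or host is already banned
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        hits = recent[m.group("host")]
        hits.append(ts)
        while ts - hits[0] > window:   # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned.add(m.group("host"))
            bans.append((m.group("host"), ts))   # the configured action would run here
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when}")
```

With the default 600-second window, the three failures from 198.51.100.7 are spread too far apart to count together, which is why slow, spaced-out guessing is only caught when findtime is widened.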
resources