Difference between revisions of "Fail2Ban"

From Free Knowledge Base- The DUCK Project: information for everyone

Revision as of 15:16, 7 February 2014

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IP addresses that show signs of malicious activity, such as too many password failures or probing for exploits.

installation

First, you need to install Fail2Ban. For Red Hat/Fedora, use yum.

 yum install fail2ban

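CentOS: fail2ban is not available from CentOS. It will have to be manually downloaded. You can get it from EPEL, the Fedora repository. Because the download below uses plain HTTP, check the package signature against the EPEL signing key before installing it.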

 wget http://mirror.pnl.gov/epel//6/i386/fail2ban-0.8.11-2.el6.noarch.rpm
 rpm -ih --percent fail2ban-0.8.11-2.el6.noarch.rpm

You might have some dependencies to install, like

 yum install gamin-python
 wget http://mirror.pnl.gov/epel//6/i386/python-inotify-0.9.1-1.el6.noarch.rpm
 rpm -ih --percent python-inotify-0.9.1-1.el6.noarch.rpm

These are the two dependencies CentOS users most commonly need. Install them and any others that are required, then try to install fail2ban again. Additional help is available for RPM Commands.

ALL LINUX DISTRIBUTIONS - Fail2ban is written in Python, thus no compilation is required. You can even run Fail2ban without installing it. It can always be obtained directly from http://www.fail2ban.org

installation tips

If you get the error "No package fail2ban available" on CentOS, it is because, as of this writing, CentOS doesn't provide fail2ban. There are a couple of ways to get it anyway. I recommend the rpm method mentioned above. Didn't you see it before getting this far?

configuration

parameters

Action describes the steps that fail2ban will take to ban a matching IP address. Just like the filter entry, each action refers to a file within the action.d directory. The default ban action,

/etc/fail2ban/action.d/iptables.conf

log path (logpath) refers to the location of the log file that fail2ban will monitor.
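
How a filter's regular expression, the lines read from the log path, and the point at which a ban action fires fit together can be modelled in a few lines. This is an added example, not fail2ban's own code and not part of the original page: the log lines are constructed, the regex is a simplified stand-in for a filter, and maxretry and findtime are fail2ban's jail settings for the failure threshold and counting window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in the style of /var/log/secure (documentation IP ranges).
SAMPLE_LOG = """\
Feb  7 15:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 4001 ssh2
Feb  7 15:00:04 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Feb  7 15:00:09 host sshd[1003]: Accepted password for alice from 198.51.100.7 port 5100 ssh2
Feb  7 15:00:12 host sshd[1004]: Failed password for root from 203.0.113.5 port 4003 ssh2
Feb  7 15:01:00 host sshd[1005]: Failed password for bob from 198.51.100.9 port 5200 ssh2
Feb  7 15:20:00 host sshd[1006]: Failed password for bob from 198.51.100.9 port 5201 ssh2
Feb  7 15:40:00 host sshd[1007]: Failed password for bob from 198.51.100.9 port 5202 ssh2
"""

# Simplified stand-in for a filter regex. It is anchored at both ends and the
# user name is a single token, so text inside the user name cannot supply the host.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

def find_bans(log_text, maxretry=3, findtime=600, year=2014):
    """Return {ip: time_of_ban} for hosts with maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m or m.group("host") in bans:
            continue                # not a failure line, or host already banned
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        seen = failures[m.group("host")]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()          # forget failures older than findtime
        if len(seen) >= maxretry:
            bans[m.group("host")] = when   # this is where the ban action would run
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} ban {ip}")
```

The slow source (three failures spread over forty minutes) never reaches the threshold with a 600-second window, which is the trade-off to weigh when choosing findtime.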

resources

 
