From 6b60d05ae14a5bd49d0372850773a5656c459bd9 Mon Sep 17 00:00:00 2001 From: Asif Bacchus Date: Sat, 29 Sep 2018 18:03:59 -0600 Subject: [PATCH] Creating readme to explain contents of this git --- README.md | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a14fd43..c1d019b 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,71 @@ -# fail2ban-basic +# Fail2Ban: Basic set up for an exposed system + +## Overview + +This is a basic set up for Fail2Ban on an system that is directly exposed to the +internet (i.e. not behind a separate firewall). In addition to the standard +SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection +attempts to closed ports, etc.) is activated. This should aid in blocking +'scriptkiddies' and port-scanning attacks, reducing the resources your server +has to allocate to processing bogus requests. F2B will automatically create UFW +rules to drop connections from systems that try to make repeated invalid +connection attempts and then remove the block automatically after the 'bantime' +has expired. + +## Installing an up-to-date Fail2Ban version + +The F2B version available via apt for Debian/Ubuntu is old and does *not* +support IP6 (as at the time of this document being written). So let's grab a +newer version from the source at github. + +*Note: Only versions 0.10+ offer IP6 support.* + +- Switch to your home directory or somewhere you can work with downloaded files. +- Get the latest version of Fail2Ban, switch to the created directory and + install it using the python installer script. + + ```Bash + # get latest fail2ban version + git clone https://github.com/fail2ban/fail2ban.git + # change to the newly created directory containing f2b + cd fail2ban + # run the installer + sudo python setup.py install + ``` + +- Let's test the installation by running fail2ban-client. If it displays the + help screen, then things are probably set up properly. + + ```Bash + fail2ban-client -h + ``` + +- Now, let's configure systemd to load fail2ban automatically on system start-up. 
+ + ```Bash + # copy the service file to the correct location + sudo cp files/debian-initd /etc/init.d/fail2ban + # tell systemd to refresh itself to recognize the new service + sudo update-rc.d fail2ban defaults + ``` + +- Let's go ahead and start the service to make sure it doesn't run into any + problems. You shouldn't see any errors reported and should have a pleasant + 'green dot' showing up. + + ```Bash + # start the service + sudo systemctl start fail2ban.service + # check it's status for any errors + sudo systemctl status fail2ban.service + ``` + +- One more test just to be sure everything is set up. You should see f2b report + it's version without any errors being generated. + + ```Bash + fail2ban-client version + ``` + +## Customizing your set up
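Review bot: In the "Installing an up-to-date Fail2Ban version" steps, `git clone https://github.com/fail2ban/fail2ban.git` followed directly by `sudo python setup.py install` installs whatever is at the tip of the default branch, as root, with no release pinned. Since the note in the same section says only versions 0.10+ offer IP6 support, add a step that checks out a tagged release at or above 0.10 before running the installer, so the README yields a reproducible install of a known version. In the service step, the comment "tell systemd to refresh itself to recognize the new service" sits above `sudo update-rc.d fail2ban defaults`, which registers the SysV init script just copied to `/etc/init.d/fail2ban` and does not reload systemd. Reword the comment to say what the command does, and say explicitly that the following `systemctl start fail2ban.service` relies on that init script. Style: "on an system" should be "on a system", and "it's status" and "it's version" should both use "its".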