Creating readme to explain contents of this git
parent 15cf08c1dd
commit 6b60d05ae1

71 README.md
							| @ -1,2 +1,71 @@ | |||||||
| # fail2ban-basic | # Fail2Ban: Basic set up for an exposed system | ||||||
|  | 
 | ||||||
|  | ## Overview | ||||||
|  | 
 | ||||||
|  | This is a basic set up for Fail2Ban on an system that is directly exposed to the | ||||||
|  | internet (i.e. not behind a separate firewall).  In addition to the standard | ||||||
|  | SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection | ||||||
|  | attempts to closed ports, etc.) is activated.  This should aid in blocking | ||||||
|  | 'scriptkiddies' and port-scanning attacks, reducing the resources your server | ||||||
|  | has to allocate to processing bogus requests.  F2B will automatically create UFW | ||||||
|  | rules to drop connections from systems that try to make repeated invalid | ||||||
|  | connection attempts and then remove the block automatically after the 'bantime' | ||||||
|  | has expired. | ||||||
|  | 
 | ||||||
|  | ## Installing an up-to-date Fail2Ban version | ||||||
|  | 
 | ||||||
|  | The F2B version available via apt for Debian/Ubuntu is old and does *not* | ||||||
|  | support IP6 (as at the time of this document being written).  So let's grab a | ||||||
|  | newer version from the source at github. | ||||||
|  | 
 | ||||||
|  | *Note: Only versions 0.10+ offer IP6 support.* | ||||||
|  | 
 | ||||||
|  | - Switch to your home directory or somewhere you can work with downloaded files. | ||||||
|  | - Get the latest version of Fail2Ban, switch to the created directory and | ||||||
|  |   install it using the python installer script. | ||||||
|  | 
 | ||||||
|  |   ```Bash | ||||||
|  |   # get latest fail2ban version | ||||||
|  |   git clone https://github.com/fail2ban/fail2ban.git | ||||||
|  |   # change to the newly created directory containing f2b | ||||||
|  |   cd fail2ban | ||||||
|  |   # run the installer | ||||||
|  |   sudo python setup.py install | ||||||
|  |   ``` | ||||||
|  | 
 | ||||||
|  | - Let's test the installation by running fail2ban-client.  If it displays the | ||||||
|  |   help screen, then things are probably set up properly. | ||||||
|  | 
 | ||||||
|  |   ```Bash | ||||||
|  |   fail2ban-client -h | ||||||
|  |   ``` | ||||||
|  | 
 | ||||||
|  | - Now, let's configure systemd to load fail2ban automatically on system start-up. | ||||||
|  | 
 | ||||||
|  |   ```Bash | ||||||
|  |   # copy the service file to the correct location | ||||||
|  |   sudo cp files/debian-initd /etc/init.d/fail2ban | ||||||
|  |   # tell systemd to refresh itself to recognize the new service | ||||||
|  |   sudo update-rc.d fail2ban defaults | ||||||
|  |   ``` | ||||||
|  | 
 | ||||||
|  | - Let's go ahead and start the service to make sure it doesn't run into any | ||||||
|  |   problems.  You shouldn't see any errors reported and should have a pleasant | ||||||
|  |   'green dot' showing up. | ||||||
|  | 
 | ||||||
|  |   ```Bash | ||||||
|  |   # start the service | ||||||
|  |   sudo systemctl start fail2ban.service | ||||||
|  |   # check it's status for any errors | ||||||
|  |   sudo systemctl status fail2ban.service | ||||||
|  |   ``` | ||||||
|  | 
 | ||||||
|  | - One more test just to be sure everything is set up.  You should see f2b report | ||||||
|  |   it's version without any errors being generated. | ||||||
|  | 
 | ||||||
|  |   ```Bash | ||||||
|  |   fail2ban-client version | ||||||
|  |   ``` | ||||||
|  | 
 | ||||||
|  | ## Customizing your set up | ||||||
| 
 | 
 | ||||||
|  | |||||||
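Review bot: In the start-up step, the text and comments say systemd is being configured, but `sudo cp files/debian-initd /etc/init.d/fail2ban` and `sudo update-rc.d fail2ban defaults` install and register a SysV init script, so the comment "tell systemd to refresh itself to recognize the new service" does not describe what `update-rc.d` does. Reword the step to say it installs the init script that the later `systemctl start fail2ban.service` call relies on, or ship and enable a native unit file instead. In the install step, `git clone` followed by `sudo python setup.py install` runs whatever is at the head of the default branch as root; since the note only requires 0.10+ for IP6 support, have the reader check out a release tag before installing so the set up is reproducible and reviewable. The `## Customizing your set up` heading is added with no content, while the Overview promises a jail for UFW BLOCK reports that nothing in this README configures yet; either add that section in this commit or drop the heading until it exists. Minor wording: "an system" should be "a system", and "it's status" / "it's version" should be "its".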