asif
/
fail2banUFW
1
0
Fork 0
Code Issues Pull Requests Releases 3 Wiki Activity
Fail2Ban setup that monitors UFW logs to detect and dynamically block systems that are port-probing your server. Monitors SSH as normal.
12 Commits 1 Branch 3 Tags 69 KiB
Shell 100%
Go to file
Asif Bacchus 6b60d05ae1 Creating readme to explain contents of this git 2018-09-29 18:03:59 -06:00
.vscode Created custom jail: UFW-probe to catch port-probing. 2018-09-29 17:22:46 -06:00
etc/fail2ban Default ufw.conf action file from F2B with blocktype changed 2018-09-29 17:26:23 -06:00
README.md Creating readme to explain contents of this git 2018-09-29 18:03:59 -06:00

README.md

Fail2Ban: Basic set up for an exposed system

Overview

This is a basic set up for Fail2Ban on an system that is directly exposed to the internet (i.e. not behind a separate firewall). In addition to the standard SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection attempts to closed ports, etc.) is activated. This should aid in blocking 'scriptkiddies' and port-scanning attacks, reducing the resources your server has to allocate to processing bogus requests. F2B will automatically create UFW rules to drop connections from systems that try to make repeated invalid connection attempts and then remove the block automatically after the 'bantime' has expired.

Installing an up-to-date Fail2Ban version

The F2B version available via apt for Debian/Ubuntu is old and does not support IP6 (as at the time of this document being written). So let's grab a newer version from the source at github.

Note: Only versions 0.10+ offer IP6 support.

  • Switch to your home directory or somewhere you can work with downloaded files.

  • Get the latest version of Fail2Ban, switch to the created directory and install it using the python installer script.

    # get latest fail2ban version
git clone https://github.com/fail2ban/fail2ban.git
# change to the newly created directory containing f2b
cd fail2ban
# run the installer
sudo python setup.py install

  • Let's test the installation by running fail2ban-client. If it displays the help screen, then things are probably set up properly.

    fail2ban-client -h

  • Now, let's configure systemd to load fail2ban automatically on system start-up.

    # copy the service file to the correct location
sudo cp files/debian-initd /etc/init.d/fail2ban
# tell systemd to refresh itself to recognize the new service
sudo update-rc.d fail2ban defaults

  • Let's go ahead and start the service to make sure it doesn't run into any problems. You shouldn't see any errors reported and should have a pleasant 'green dot' showing up.

    # start the service
sudo systemctl start fail2ban.service
# check it's status for any errors
sudo systemctl status fail2ban.service

  • One more test just to be sure everything is set up. You should see f2b report it's version without any errors being generated.

    fail2ban-client version

Customizing your set up