fail2ban - Scans logs, bans failed password IPs using iptables rules
ChangeLog
| Web site: | https://www.fail2ban.org/ |
| Repository: | https://github.com/fail2ban/fail2ban |
HOWTO
# Fail2ban
# ========
# To avoid having any old, unused files from previous versions, the best
# way is to back up configuration files, remove the old version first, then
# install the new one. See the bottom for info about doing that. Notes are
# included inline here also in case you can not do that.
# Python modules/packages
# =======================
# Pyinotify (optional)
# dnspython (optional)
# Install/upgrade using pip:
su -c "pip install --upgrade pyinotify dnspython"
## or install/upgrade using easy_install from setuptools:
#su -c "easy_install --upgrade pyinotify dnspython"
# Fail2ban 1.0.2 (2022-11-09)
# ==============
# Prerequisites:
# Python >= 2.6 or >= 3.2
# Pyinotify >= 0.8.3 (optional; see above)
# dnspython (optional; see above)
# gamin >= 0.0.21 (optional)
# systemd >= 204 (optional)
# Get the Fail2ban source
cd
test -f installed/fail2ban-1.0.2.tar.gz &&
mv installed/fail2ban-1.0.2.tar.gz .
test ! -f fail2ban-1.0.2.tar.gz &&
wget https://github.com/fail2ban/fail2ban/archive/refs/tags/1.0.2.tar.gz \
-O fail2ban-1.0.2.tar.gz
# Verify tarball w/ sha256sum:
# (this came from my gpg-verified tarball, so only proves yours is the same)
echo "ae8b0b41f27a7be12d40488789d6c258029b23a01168e3c0d347ee80b325ac\
23 fail2ban-1.0.2.tar.gz" | sha256sum -c
# Verify tarball w/ GPG:
( gpg --list-keys BD0A882C > /dev/null 2>&1 ||
gpg --keyserver keys.gnupg.net --recv-keys BD0A882C ) &&
wget -nc https://github.com/fail2ban/fail2ban/releases/download/\
1.0.2/fail2ban-1.0.2.tar.gz.asc &&
gpg --verify fail2ban-1.0.2.tar.gz.asc &&
rm fail2ban-1.0.2.tar.gz.asc
# Extract the tarball
mkdir -p -m 0700 ~/src
cd ~/src
find -maxdepth 1 -type d -name "fail2ban-*" -exec rm -r {} \;
tar xzvf ~/fail2ban-1.0.2.tar.gz
cd fail2ban-1.0.2
test $UID = 0 && chown -R root:root .
# Make sure you read README.md and ChangeLog if this is an upgrade for you
# and more docs are available online:
# GitHub fail2ban wiki
# Become root to install and configure it
su
# Install Python bits
test -x /usr/bin/python2 &&
( /usr/bin/python2 -m pip install --upgrade pip
/usr/bin/pip2 install --upgrade pyinotify )
test -x /usr/bin/python3 &&
( /usr/bin/python3 -m pip install --upgrade pip
/usr/bin/pip3 install --upgrade pyinotify
/usr/bin/pip3 install --upgrade 2to3 )
# If using Python 3.x for fail2ban, do this before compiling or
# altering anything
./fail2ban-2to3
# If you are upgrading fail2ban, back up your configuration files
# No .local files would be removed or overwritten, but as the saying goes:
# it's better to be safe than sorry. If you customized any .conf files
# they will be overwritten.
mkdir -p -m 0700 ~/backup/fail2ban
test -d /etc/fail2ban &&
( cd /etc/fail2ban
tar cJvf ~/backup/fail2ban/fail2ban-$(date +%Y%m%d).tar.xz . )
test -f /var/lib/fail2ban/fail2ban.sqlite &&
cp -a /var/lib/fail2ban/fail2ban.sqlite \
~/backup/fail2ban/fail2ban-$(date +%Y%m%d).sqlite
# If you have an installed and functioning fail2ban, you can also
# dump the configuration like so
test -x /usr/bin/fail2ban-client &&
/usr/bin/fail2ban-client -d > ~/backup/fail2ban/$(date +%Y%m%d)-dump.txt
# /usr/share/doc is usually a symlink to /usr/doc in Slackware
# Docs are installed to /usr/share/doc/fail2ban
# To change that, use a symlink pointing elsewhere or modify lines in
# setup.py that have /usr/share/doc instead of /usr/doc.
# If you are installing a newer version than covered here, look for
# "doc_files" in there
# Install Fail2ban
python setup.py install --without-tests
# Install the man pages manually, which are not installed above
# Feel free to gzip or otherwise compress them, but they only take up about
# 61k total.
test -d /usr/man/man1 && install man/*.1 /usr/man/man1/
test -d /usr/man/man5 && install man/*.5 /usr/man/man5/
test ! -d /usr/man/man1 -a -d /usr/share/man/man1 &&
install man/*.1 /usr/share/man/man1/
test ! -d /usr/man/man5 -a -d /usr/share/man/man5 &&
install man/*.5 /usr/share/man/man5/
# If you find yourself creating your own filter files in
# /etc/fail2ban/filter.d/, you may want to name them yourname-whatever.conf
# rather than modifying the existing files that are bundled with fail2ban,
# the bundled .conf files would be replaced in an upgrade.
# Configuration files are in /etc/fail2ban, binaries are in /usr/bin, docs
# are in /usr/share/doc/fail2ban, data files are in
# /usr/lib*/python*/site-packages/fail2ban/,
# pid and socket files will be in /var/run/fail2ban
# For info about configuration, see:
# /usr/doc/fail2ban/*
# man fail2ban
# man fail2ban-client
# man fail2ban-python
# man fail2ban-regex
# man fail2ban-server
# man fail2ban-testcases
# man jail.conf
# https://www.fail2ban.org/wiki/index.php/Main_Page
# https://github.com/fail2ban/fail2ban/wiki
# If upgrading, you may have old files left over from previous releases
# in /usr/share/fail2ban
#
# Any file under /usr/share/fail2ban/client, common, server, and testcases
# that ends with .py should have a matching .pyc file with today's date.
# If not it is probably a file from an old version that is no longer in use.
#
# You can check for old action files by comparing what is in the source
# with what you have in /etc/fail2ban/action.d/:
diff -r config/action.d/ /etc/fail2ban/action.d/
#
# You can check for old filter files by comparing what is in the source
# with what you have in /etc/fail2ban/filter.d/:
diff -r config/filter.d/ /etc/fail2ban/filter.d/
# Run this to make sure it's OK (and to see commandline usage)
fail2ban-client -h
# I run Fail2ban from my firewall script that sets up the iptables rules.
# This way if the firewall rules are re-set, Fail2ban won't be thinking
# someone is "banned" when they're really not. I still install the init
# script as seen below, but only set it to automatically run it on
# shutdown or reboot.
#
# If you will not be running it from a firewall script, you can either
# set it to run (fail2ban-client start) out of /etc/rc.d/rc.local, or if
# you've got a modern Slackware with rc.sysvinit rc?.d directories (and
# do not already have the systemd setup installed), install an init script
# to start it on boot-up.
#
# This will install the init script:
install -m 700 files/redhat-initd /etc/rc.d/init.d/fail2ban
# This will set it to run the init script on boot-up; don't set these
# if running from a firewall script or it will run twice
( cd /etc/rc.d/rc3.d && ln -sf ../init.d/fail2ban S92fail2ban )
( cd /etc/rc.d/rc4.d && ln -sf ../init.d/fail2ban S92fail2ban )
( cd /etc/rc.d/rc5.d && ln -sf ../init.d/fail2ban S92fail2ban )
# This will set it to run the init script on shutdown or reboot:
( cd /etc/rc.d/rc0.d && ln -sf ../init.d/fail2ban K08fail2ban )
( cd /etc/rc.d/rc6.d && ln -sf ../init.d/fail2ban K08fail2ban )
# Create a copy of fail2ban.conf as fail2ban.local and jail.conf as
# jail.local, then configure your changes in the .local files.
# They only need to include overriding changes to what is already
# in the corresponding .conf file. You can also create one jail rule
# per file under /etc/fail2ban/jail.d/ if you prefer.
test ! -f /etc/fail2ban/fail2ban.local &&
cp -a /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
test ! -f /etc/fail2ban/jail.local &&
cp -a /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# In addition to the .local files in /etc/fail2ban/, you can also create
# a .local file overriding settings in any .conf file. Good examples for
# this are setting sendmail sender and recipient addresses in
# sendmail-common.local and the iptables blocking jump target in
# iptables-blocktype.local (e.g. if you want a custom one instead of DROP)
# Test your configuration
fail2ban-client --test
# If you have /etc/fail2ban/fail2ban.local set to log to a file (not via
# syslog), set logrotate
cat << EOF > /etc/logrotate.d/fail2ban
/var/log/fail2ban.log {
daily
rotate 6
missingok
compress
postrotate
/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null
endscript
}
EOF
chmod 600 /etc/logrotate.d/fail2ban
## With that init script, do this to start|stop|restart and get status:
# /etc/rc.d/init.d/fail2ban start
# /etc/rc.d/init.d/fail2ban stop
# /etc/rc.d/init.d/fail2ban reload
# /etc/rc.d/init.d/fail2ban restart
# /etc/rc.d/init.d/fail2ban status
# Become your non-root user again
exit
# Save the tarball for later
cd
mkdir -p -m 0700 installed
rm -f installed/fail2ban-*.tar.*
mv fail2ban-1.0.2.tar.gz installed/
# If you ever want to uninstall Fail2ban, this should do it:
cd
su
test -d /etc/fail2ban && rm -r /etc/fail2ban
( cd /usr/bin ; rm -f fail2ban-client fail2ban-regex fail2ban-server )
( cd /usr/man/man1
rm -f fail2ban-client.1 fail2ban-regex.1 fail2ban-server.1 fail2ban.1 )
rm /usr/man/man5/jail.conf.5
test -d /usr/share/fail2ban && rm -r /usr/share/fail2ban
test -d /var/run/fail2ban && rm -r /var/run/fail2ban
test -d /usr/share/doc/fail2ban && rm -r /usr/share/doc/fail2ban
exit
find ~/src -maxdepth 1 -type d -name "fail2ban-*" -exec rm -r {} \;
rm -f ~/installed/fail2ban-*.tar.*
List of HOWTOs
Web page itself last updated: 2023-12-20 8:06pm (EST -0500)
HOWTO last updated: 2023-10-04 2:56pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.
HOWTO last updated: 2023-10-04 2:56pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.
![[HTML5]](HTML5_Logo_64-black.png){kind=logo}
