lock_attempts_ssh
Differences
lock_attempts_ssh [2014/09/01 03:22] – k0kad | lock_attempts_ssh [2014/09/01 03:32] (current) – k0kad
Line 4: | Line 4: | ||
~K0KAD | ~K0KAD | ||
- | **Step One—Install Fail2Ban** | + | ===== Step One—Install Fail2Ban |
Because fail2ban is not available from CentOS, we should start by downloading the EPEL repository: | Because fail2ban is not available from CentOS, we should start by downloading the EPEL repository: | ||
Line 13: | Line 14: | ||
'' | '' | ||
- | **Step Two—Copy the Configuration File** | + | |
+ | ===== Step Two—Copy the Configuration File ===== | ||
The default fail2ban configuration file is location at / | The default fail2ban configuration file is location at / | ||
Line 19: | Line 22: | ||
After the file is copied, you can make all of your changes within the new jail.local file. Many of possible services that may need protection are in the file already. Each is located in its own section, configured and turned off. | After the file is copied, you can make all of your changes within the new jail.local file. Many of possible services that may need protection are in the file already. Each is located in its own section, configured and turned off. | ||
- | **Step Three—Configure defaults in Jail.Local** | + | ===== Step Three—Configure defaults in Jail.Local |
Open up the the new fail2ban configuration file: | Open up the the new fail2ban configuration file: | ||
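Review bot: the new heading spells the file "Jail.Local" while the body text two lines up calls it "jail.local", which is also how the file has to be named on a case-sensitive filesystem; since this hunk already rewrites the heading, use the lower-case filename there so the heading and the instructions agree.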
Line 52: | Line 56: | ||
Findtime refers to the amount of time that a host has to log in. The default setting is 10 minutes; this means that if a host attempts, and fails, to log in more than the maxretry number of times in the designated 10 minutes, they will be banned. | Findtime refers to the amount of time that a host has to log in. The default setting is 10 minutes; this means that if a host attempts, and fails, to log in more than the maxretry number of times in the designated 10 minutes, they will be banned. | ||
- | Step Four (Optional)—Configure the ssh-iptables Section in Jail.Local | + | ===== Step Four (Optional) |
+ | Configure the ssh-iptables Section in Jail.Local | ||
The SSH details section is just a little further down in the config, and it is already set up and turned on. Although you should not be required to make to make any changes within this section, you can find the details about each line below. | The SSH details section is just a little further down in the config, and it is already set up and turned on. Although you should not be required to make to make any changes within this section, you can find the details about each line below. | ||
- | [ssh-iptables] | + | '' |
enabled | enabled | ||
+ | |||
filter | filter | ||
+ | |||
action | action | ||
| | ||
+ | |||
logpath | logpath | ||
- | maxretry = 5 | + | |
+ | maxretry = 5'' | ||
Enabled simply refers to the fact that SSH protection is on. You can turn it off with the word " | Enabled simply refers to the fact that SSH protection is on. You can turn it off with the word " | ||
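Review bot: the Step Four heading is split in this hunk: "===== Step Four (Optional)" becomes the heading and "Configure the ssh-iptables Section in Jail.Local" lands as a separate body line, so the heading no longer says what the step configures; keep the whole title inside one ===== ... ===== line. In the same hunk the config sample is wrapped in '' (inline monospace) with blank lines inserted between the keys, and the [ssh-iptables] section header shown on the left has no visible counterpart on the right; a <code> block holding the section header together with its enabled, filter, action, logpath and maxretry keys as one contiguous block would show the section the way the reader has to enter it in jail.local.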
Line 73: | Line 83: | ||
eg. iptables[name=SSH, | eg. iptables[name=SSH, | ||
You can change the protocol from TCP to UDP in this line as well, depending on which one you want fail2ban to monitor. | You can change the protocol from TCP to UDP in this line as well, depending on which one you want fail2ban to monitor. | ||
- | |||
- | If you have a mail server set up on your virtual private server, Fail2Ban can email you when it bans an IP address. In the default case, the sendmail-whois refers to the actions located at / | ||
log path refers to the log location that fail2ban will track. | log path refers to the log location that fail2ban will track. | ||
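Review bot: removing the sendmail-whois paragraph drops the only explanation of the mail half of the action line and of where the action definitions live; if the action line in the ssh-iptables block above still names sendmail-whois, readers are left with a setting the text never describes, and on a host without a mail server the ban action will try to send mail. Either keep the paragraph or trim the action line to the iptables action only, so the text and the sample config match.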
Line 80: | Line 88: | ||
The max retry line within the SSH section has the same definition as the default option. However, if you have enabled multiple services and want to have specific values for each one, you can set the new max retry amount for SSH here. | The max retry line within the SSH section has the same definition as the default option. However, if you have enabled multiple services and want to have specific values for each one, you can set the new max retry amount for SSH here. | ||
- | Step Five—Restart Fail2Ban | + | ===== Step Five—Restart Fail2Ban |
After making any changes to the fail2ban config, always be sure to restart Fail2Ban: | After making any changes to the fail2ban config, always be sure to restart Fail2Ban: | ||
lock_attempts_ssh.txt · Last modified: 2014/09/01 03:32 by k0kad