fail2ban

Install Fail2Ban

RHEL

sudo yum update && sudo yum install epel-release
sudo yum install fail2ban

Debian

sudo apt update && sudo apt upgrade -y
sudo apt install fail2ban

Config Files

There are two main configuration files in Fail2Ban: /etc/fail2ban/fail2ban.conf and /etc/fail2ban/jail.conf

/etc/fail2ban/fail2ban.conf: This is the configuration file for the operational settings of the Fail2Ban daemon. Settings like loglevel, log file, socket and pid file are defined here.

/etc/fail2ban/jail.conf: This is where all the magic happens. This is the file where you configure things like the default ban time, the number of retries before banning an IP, whitelisted IPs, mail sending information etc. Basically you control the behavior of Fail2Ban from this file.

Now, before you go and change these files, Fail2Ban advises making a .local copy of each of these conf files, because the default conf files can be overwritten on updates and you would lose all your settings.

sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

If I remove the comments, the default section looks like this:

[DEFAULT]
ignorecommand =
bantime = 10m
findtime = 10m
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
enabled = false
mode = normal
filter = %(name)s[mode=%(mode)s]
destemail = root@localhost
sender = root@
mta = sendmail
protocol = tcp
chain =
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-multiport
banaction_allports = iptables-allports
action_abuseipdb = abuseipdb
action = %(action_)s

  • bantime: Set the length of the ban. Default is 10 minutes.

  • findtime: The window in which the action on an IP will be taken. Default is 10 minutes. Suppose a bad login was attempted by a certain IP at 10:30. If the same IP reaches the maximum number of retries before 10:40, it will be banned. Otherwise, the next failed attempt after 10:40 will be counted as first failed attempt.

  • maxretry: The number of failed retries before an action is taken

  • usedns: The "warn" setting attempts to use reverse-DNS to look up the hostname and ban it using hostname. Setting it to no will ban IPs, not hostname.

  • destemail: The email address to which the alerts will be sent (needs to be configured)

  • sender: The sender name in the notification email

  • mta: Mail Transfer Agent used for notification email

  • banaction: This parameter uses the /etc/fail2ban/action.d/iptables-multiport.conf file to set the action after maximum failed retries

  • protocol: The type of traffic that will be dropped after the ban

Enable Fail2Ban

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Once Fail2Ban is enabled, you can see the status and the active jails with the fail2ban-client command:

fail2ban-client status

Output:

Status
|- Number of jail: 1
`- Jail list: sshd

The Fail2Ban log is located at /var/log/fail2ban.log. The log lines have the following format:

2019-03-25 07:09:08,004 fail2ban.filter [25630]: INFO [sshd] Found 139.59.69.76 - 2019-03-25 07:09:07
2019-03-25 07:09:36,756 fail2ban.filter [25630]: INFO [sshd] Found 159.89.205.213 - 2019-03-25 07:09:36
2019-03-25 07:09:36,757 fail2ban.filter [25630]: INFO [sshd] Found 159.89.205.213 - 2019-03-25 07:09:36
2019-03-25 07:09:36,774 fail2ban.actions [25630]: NOTICE [sshd] Ban 159.89.205.213
2019-03-25 07:09:36,956 fail2ban.filter [25630]: INFO [sshd] Found 182.70.253.202 - 2019-03-25 07:09:36
2019-03-25 07:09:36,957 fail2ban.filter [25630]: INFO [sshd] Found 182.70.253.202 - 2019-03-25 07:09:36
2019-03-25 07:09:36,981 fail2ban.actions [25630]: NOTICE [sshd] Ban 182.70.253.202
2019-03-25 07:09:37,247 fail2ban.filter [25630]: INFO [sshd] Found 112.64.214.90 - 2019-03-25 07:09:37
2019-03-25 07:09:37,248 fail2ban.filter [25630]: INFO [sshd] Found 112.64.214.90 - 2019-03-25 07:09:37
2019-03-25 07:09:37,589 fail2ban.actions [25630]: NOTICE [sshd] Ban 112.64.214.90
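As an added example (not part of the original page), a small POSIX shell script that summarizes log lines of the shape shown above: which IPs a jail banned, how many filter matches ("Found") an IP produced, which IPs were seen but never reached maxretry, and which bans are still in force after later "Unban" entries. The log content is constructed (RFC 5737 documentation addresses, behaving as if maxretry = 3 and bantime = 10m); on a real host point log_lines at /var/log/fail2ban.log instead.

```shell
#!/bin/sh
# Constructed sample in the format of /var/log/fail2ban.log (not a real capture).
SAMPLE_LOG='2024-05-01 10:30:01,004 fail2ban.filter [25630]: INFO [sshd] Found 192.0.2.10 - 2024-05-01 10:30:00
2024-05-01 10:31:12,756 fail2ban.filter [25630]: INFO [sshd] Found 198.51.100.7 - 2024-05-01 10:31:12
2024-05-01 10:31:13,101 fail2ban.filter [25630]: INFO [sshd] Found 198.51.100.7 - 2024-05-01 10:31:13
2024-05-01 10:31:14,220 fail2ban.filter [25630]: INFO [sshd] Found 198.51.100.7 - 2024-05-01 10:31:14
2024-05-01 10:31:14,260 fail2ban.actions [25630]: NOTICE [sshd] Ban 198.51.100.7
2024-05-01 10:33:40,311 fail2ban.filter [25630]: INFO [sshd] Found 203.0.113.9 - 2024-05-01 10:33:40
2024-05-01 10:33:41,502 fail2ban.filter [25630]: INFO [sshd] Found 203.0.113.9 - 2024-05-01 10:33:41
2024-05-01 10:33:42,640 fail2ban.filter [25630]: INFO [sshd] Found 203.0.113.9 - 2024-05-01 10:33:42
2024-05-01 10:33:42,688 fail2ban.actions [25630]: NOTICE [sshd] Ban 203.0.113.9
2024-05-01 10:41:14,300 fail2ban.actions [25630]: NOTICE [sshd] Unban 198.51.100.7'

# Source of log lines; swap the printf for: cat /var/log/fail2ban.log
log_lines() { printf '%s\n' "$SAMPLE_LOG"; }

# Whitespace-split field layout used below:
#   $5 level (INFO/NOTICE), $6 [jail], $7 event (Found/Ban/Unban), $8 IP

# banned_ips JAIL: every IP that received a "Ban" action in JAIL, sorted, unique.
banned_ips() {
    log_lines | awk -v jail="[$1]" '$5 == "NOTICE" && $6 == jail && $7 == "Ban" { print $8 }' | sort -u
}

# found_count JAIL IP: number of filter matches fail2ban logged for IP in JAIL.
found_count() {
    log_lines | awk -v jail="[$1]" -v ip="$2" \
        '$5 == "INFO" && $6 == jail && $7 == "Found" && $8 == ip { n++ } END { print n + 0 }'
}

# seen_not_banned JAIL: IPs that matched the filter but never crossed maxretry
# within findtime (worth watching, but fail2ban took no action).
seen_not_banned() {
    log_lines | awk -v jail="[$1]" '
        $6 != jail    { next }
        $7 == "Found" { seen[$8] = 1 }
        $7 == "Ban"   { banned[$8] = 1 }
        END { for (ip in seen) if (!(ip in banned)) print ip }' | sort
}

# currently_banned JAIL: bans not yet lifted by a later "Unban" line, in log order.
currently_banned() {
    log_lines | awk -v jail="[$1]" '
        $6 != jail    { next }
        $7 == "Ban"   { state[$8] = 1 }
        $7 == "Unban" { delete state[$8] }
        END { for (ip in state) print ip }' | sort
}

printf 'banned in sshd:\n%s\n' "$(banned_ips sshd)"
printf 'still banned:\n%s\n' "$(currently_banned sshd)"
printf 'seen but not banned:\n%s\n' "$(seen_not_banned sshd)"
```

The same per-jail view is what fail2ban-client status <jail_name> reports live; reading the log instead lets you reconstruct what happened after a restart or on a copied log.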

See banned IPs

fail2ban-client status <jail_name>

Unban IPs

fail2ban-client set <jail_name> unbanip <ip_address>

Whitelist IPs

fail2ban-client set <JAIL_NAME> addignoreip <IP_Address>

Remove IPs from Whitelist

fail2ban-client set <JAIL_NAME> delignoreip <IP_Address>

Last updated 3 years ago