Reference: http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
##Manual Installation
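# Download Fail2ban from http://www.fail2ban.org/wiki/index.php/Downloads
# Run these steps as root.
# NOTE: /tmp is world-writable. On a multi-user host, prefer a working
# directory only root can write to, and adjust the /tmp paths used later in
# this guide to match.
cd /tmp
# The mirror below is plain HTTP, so the transfer itself is not authenticated.
wget http://nchc.dl.sourceforge.net/sourceforge/fail2ban/fail2ban-0.8.3.tar.bz2
# Before unpacking (setup.py is run as root below), compare the archive's
# digest with the checksum or signature published by the project. Use
# whichever digest type the project publishes; sha256sum is only an example.
sha256sum fail2ban-0.8.3.tar.bz2
tar jxvf fail2ban-0.8.3.tar.bz2
# The tarball is a single file, so a recursive delete is not needed.
rm -f /tmp/fail2ban-0.8.3.tar.bz2
cd /tmp/fail2ban-0.8.3
./setup.py install
# Install the Red Hat init script: owned by root, writable by root only.
cp -a /tmp/fail2ban-0.8.3/files/redhat-initd /etc/init.d/fail2ban
chown root:root /etc/init.d/fail2ban
chmod 755 /etc/init.d/fail2ban
# Register the service and enable it at boot.
/sbin/chkconfig --add fail2ban
/sbin/chkconfig fail2ban on
# Keep a pristine copy of the shipped jail configuration before editing it.
cd /etc/fail2ban
cp -a jail.conf jail.conf.orig
vi /etc/fail2ban/jail.conf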
Edit the values as follows:
##########
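# Put space separated list of IPs you want to ignore
# Addresses listed here are never banned, so keep the list as short as
# possible (replace x.x.x.x with your own trusted address). In the shipped
# jail.conf this setting is expected under [DEFAULT] - confirm in your copy.
ignoreip = x.x.x.x
# Section header: a single pair of brackets.
[ssh-iptables]
#enabled = false
enabled = true
filter = sshd
#action = iptables[name=SSH, port=ssh, protocol=tcp]
# sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
# The second action must sit on an indented continuation line; at column 0
# it is not read as part of "action".
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=admin@yourdomain.com, sender=fail2ban@mail.com]
#logpath = /var/log/sshd.log
# Log file the sshd filter reads on this system.
logpath = /var/log/secure
#maxretry = 5
# Ban after 3 failed attempts instead of 5.
maxretry = 3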
############
Edit the Shorewall configuration as follows (only if you are using Shorewall)
vi /etc/shorewall/shorewall.conf
#########
# With No, Shorewall's blacklist is also checked for packets of connections
# that are already established, so a newly blacklisted address loses its
# existing sessions too. Yes checks new connections only.
# NOTE(review): this only matters when bans go through Shorewall's blacklist;
# the jail shown earlier uses the iptables action - confirm which one you use.
#BLACKLISTNEWONLY=Yes
BLACKLISTNEWONLY=No
##########
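# fail2ban.conf must be owned by root and writable by root only.
# Absolute paths are used so the commands do not depend on the current
# directory.
chown root:root /etc/fail2ban/fail2ban.conf
chmod 644 /etc/fail2ban/fail2ban.conf
# Log rotation of Fail2ban Logs
cd /etc/logrotate.d
# Create the logrotate snippet with the content shown below.
vi fail2ban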
###
/var/log/fail2ban.log {
# No rotation interval or retention count is set in this stanza, so those
# come from the defaults in the main logrotate configuration.
# Do not report an error if the log file does not exist.
missingok
# Skip rotation when the log file is empty.
notifempty
# Copy the log and then truncate the original in place, so fail2ban keeps
# writing to the same open file. Lines written between the copy and the
# truncate can be lost.
copytruncate
}
###
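# The logrotate snippet runs with root's privileges, so it must be owned by
# root and not writable by anyone else. Absolute paths are used so the
# commands do not depend on the current directory.
chown root:root /etc/logrotate.d/fail2ban
chmod 644 /etc/logrotate.d/fail2ban
/etc/rc.d/init.d/fail2ban start
# Confirm the jail is loaded before relying on it.
fail2ban-client status ssh-iptables
# Check fail2ban.log for any errors (tail -f keeps following the file;
# press Ctrl-C to stop before running the cleanup below).
tail -f /var/log/fail2ban.log
# Remove the unpacked source tree.
rm -rf /tmp/fail2ban-0.8.3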