How to Install and Configure fail2ban on Ubuntu 10.04 for SSH and Pure-FTPd



Fail2ban is an intrusion prevention framework. Its main purpose is to block IP addresses belonging to hosts that are trying to breach the system's security. I highly recommend that any Linux administrator implement this software. In my example, I will be installing Fail2ban on Ubuntu 10.04 64-bit Server Edition. I will be utilizing Fail2ban for SSH and Pure-FTPd.
To begin, install Fail2ban by running the following command:
sudo apt-get install fail2ban
By default, Fail2ban is Ubuntu friendly, meaning that it is configured to ban IPs after 6 failed SSH attempts. You can verify that it is enabled by viewing the contents of /etc/fail2ban/jail.conf:
cat /etc/fail2ban/jail.conf
Make sure that this section is present and that enabled is set to true:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
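How the maxretry threshold in the [ssh] jail above behaves, shown as an added example that is not part of the original tutorial and is not Fail2ban's own code. Assumptions: FAIL_RE is a simplified stand-in for the sshd filter, FINDTIME uses Fail2ban's default of 600 seconds (not shown on this page), and the log lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 6    # value from the [ssh] jail on this page
FINDTIME = 600  # seconds; Fail2ban's default findtime (assumption, not on this page)

# Simplified stand-in for the sshd filter's failregex (assumption, not the shipped pattern).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, year=2010):
    """Return {ip: timestamp of the failure that reached maxretry}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue  # not a failed login, or this address is already banned
        # syslog timestamps carry no year, so one is supplied for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["ip"]] = ts
    return banned

def _fail(minute, second, ip, user="root"):
    return (f"Jan 10 03:{minute:02d}:{second:02d} web1 sshd[4321]: "
            f"Failed password for {user} from {ip} port 50514 ssh2")

# Constructed sample log, sorted into chronological order like a real auth.log.
SAMPLE = sorted(
    [_fail(0, s, "203.0.113.7") for s in range(0, 60, 10)]      # 6 failures in one minute
    + [_fail(1, s, "198.51.100.9", "invalid user admin") for s in range(0, 50, 10)]  # only 5
    + [_fail(m, 0, "192.0.2.44") for m in range(0, 60, 10)]     # 6 failures, 10 minutes apart
    + ["Jan 10 03:02:00 web1 sshd[4400]: Accepted password for alice "
       "from 203.0.113.7 port 50600 ssh2"]                      # success line is ignored
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

Only the first address is banned: five failures stay under the threshold, and six failures spread over an hour never fall inside one findtime window, which is the slow guessing that a maxretry-only view misses.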
To configure Fail2ban for Pure-FTPd, run the following command:
sudo vim /etc/fail2ban/jail.conf
Add the following lines to the section labeled "FTP servers":
[pure-ftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/messages
maxretry = 5
Now restart Fail2ban:
sudo /etc/init.d/fail2ban restart
That's all there is to installing Fail2ban. It now blocks IPs after too many failed SSH or FTP attempts. As you see, it's very simple to set up. If you would like to see which IPs are blocked, remove IPs from the blocked list, or change the blocked IP time, continue on with this tutorial:
http://itswapshop.com/content/how-view-and-remove-banned-ips-fail2ban-ubuntu-1004
Feel free to leave any comments or questions.
Thanks