1. Download and Install
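# fail2ban 0.8.4 (2009) is long unsupported; prefer the distribution package or a
# current release where you can. If this exact version is required, fetch it over
# TLS and check the archive against the checksum/signature the project publishes
# before installing: an installer pulled over plain http with no integrity check
# can be replaced by anyone on the network path, and it is about to run as root.
wget https://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2
# Compare this digest with the value published on the project's download page
# (use whichever algorithm the project lists) before unpacking.
sha1sum fail2ban-0.8.4.tar.bz2
tar -xjvf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
# Installs into the system Python as root; the files are not tracked by the
# package manager, so note what gets installed if you need to remove it later.
python setup.py install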
2. Edit jail.conf
vi /etc/fail2ban/jail.conf
----------//---------
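# Excerpt of /etc/fail2ban/jail.conf with the keys changed for an sshd jail.
# fail2ban reads this file with Python's ConfigParser: notes must be on their
# own "#" lines, because text written after a value (e.g. "84600 <--- ...")
# becomes part of the value and breaks the integer and address parsing.
# Consider putting these overrides in /etc/fail2ban/jail.local instead, so an
# upgrade that replaces jail.conf does not discard them (fail2ban applies
# jail.local on top of jail.conf; confirm your version honours it).

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Keep this list as narrow as possible: every address here is exempt from
# banning, so listing a whole LAN (192.168.1.0/24) means a compromised internal
# host can brute-force sshd without ever being blocked.
ignoreip = 127.0.0.1 192.168.1.0/24
# "bantime" is the number of seconds that a host is banned.
# Raised from the default (600) to 24 hours. 24 h is 86400 s; the value 84600
# in the original note is 23.5 h, a digit transposition.
bantime = 86400
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host get banned (default 3).
# A jail section may override it; see maxretry in [ssh-iptables] below.
maxretry = 3
# ... remaining [DEFAULT] keys and other jails unchanged ...

[ssh-iptables]
# Set to true to activate the sshd jail (shipped disabled).
enabled = true
filter = sshd
# The iptables action creates a fail2ban-SSH chain and inserts one DROP rule per
# banned address. sendmail-whois runs a whois lookup on every banned address and
# mails the result: one outbound query and one e-mail per ban, which can flood
# the mailbox during a large scan, so consider plain sendmail or no mail action
# on exposed hosts. The second action line MUST stay indented: ConfigParser
# treats an indented line as a continuation of the previous value, and an
# unindented one here is a parse error.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
# Red Hat / CentOS log sshd authentication failures to /var/log/secure, not to
# the upstream default sshd.log; point logpath at the file sshd actually writes,
# otherwise the jail never sees a failed login and bans nothing.
logpath = /var/log/secure
# Overrides the [DEFAULT] maxretry (3) for this jail only.
maxretry = 5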
----------//---------
3. Copy start script and start service
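# Install the Red Hat init script shipped in the source tree (run from the
# unpacked fail2ban-0.8.4 directory). install(1) sets the mode explicitly so the
# script is executable however the tarball was unpacked.
install -m 755 files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on
service fail2ban start
# Confirm the jail really came up: a bad logpath or a config parse error shows
# up here rather than on 'service fail2ban start'. The iptables action creates
# the fail2ban-SSH chain (from name=SSH in jail.conf); it should exist now.
fail2ban-client status
iptables -L fail2ban-SSH -n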
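# fail2ban 0.8.4 (2009) is long unsupported; prefer the distribution package or a
# current release where you can. If this exact version is required, fetch it over
# TLS and check the archive against the checksum/signature the project publishes
# before installing: an installer pulled over plain http with no integrity check
# can be replaced by anyone on the network path, and it is about to run as root.
wget https://sourceforge.net/projects/fail2ban/files/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2
# Compare this digest with the value published on the project's download page
# (use whichever algorithm the project lists) before unpacking.
sha1sum fail2ban-0.8.4.tar.bz2
tar -xjvf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
# Installs into the system Python as root; the files are not tracked by the
# package manager, so note what gets installed if you need to remove it later.
python setup.py install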
2. Edit jail.conf
vi /etc/fail2ban/jail.conf
----------//---------
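# Excerpt of /etc/fail2ban/jail.conf with the keys changed for an sshd jail.
# fail2ban reads this file with Python's ConfigParser: notes must be on their
# own "#" lines, because text written after a value (e.g. "84600 <--- ...")
# becomes part of the value and breaks the integer and address parsing.
# Consider putting these overrides in /etc/fail2ban/jail.local instead, so an
# upgrade that replaces jail.conf does not discard them (fail2ban applies
# jail.local on top of jail.conf; confirm your version honours it).

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Keep this list as narrow as possible: every address here is exempt from
# banning, so listing a whole LAN (192.168.1.0/24) means a compromised internal
# host can brute-force sshd without ever being blocked.
ignoreip = 127.0.0.1 192.168.1.0/24
# "bantime" is the number of seconds that a host is banned.
# Raised from the default (600) to 24 hours. 24 h is 86400 s; the value 84600
# in the original note is 23.5 h, a digit transposition.
bantime = 86400
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host get banned (default 3).
# A jail section may override it; see maxretry in [ssh-iptables] below.
maxretry = 3
# ... remaining [DEFAULT] keys and other jails unchanged ...

[ssh-iptables]
# Set to true to activate the sshd jail (shipped disabled).
enabled = true
filter = sshd
# The iptables action creates a fail2ban-SSH chain and inserts one DROP rule per
# banned address. sendmail-whois runs a whois lookup on every banned address and
# mails the result: one outbound query and one e-mail per ban, which can flood
# the mailbox during a large scan, so consider plain sendmail or no mail action
# on exposed hosts. The second action line MUST stay indented: ConfigParser
# treats an indented line as a continuation of the previous value, and an
# unindented one here is a parse error.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
# Red Hat / CentOS log sshd authentication failures to /var/log/secure, not to
# the upstream default sshd.log; point logpath at the file sshd actually writes,
# otherwise the jail never sees a failed login and bans nothing.
logpath = /var/log/secure
# Overrides the [DEFAULT] maxretry (3) for this jail only.
maxretry = 5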
----------//---------
3. Copy start script and start service
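# Install the Red Hat init script shipped in the source tree (run from the
# unpacked fail2ban-0.8.4 directory). install(1) sets the mode explicitly so the
# script is executable however the tarball was unpacked.
install -m 755 files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on
service fail2ban start
# Confirm the jail really came up: a bad logpath or a config parse error shows
# up here rather than on 'service fail2ban start'. The iptables action creates
# the fail2ban-SSH chain (from name=SSH in jail.conf); it should exist now.
fail2ban-client status
iptables -L fail2ban-SSH -n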