Never Ending Security

It starts all here

Setup and Configure Fail2Ban on Linux


Fail2Ban is an intrusion prevention framework written in the Python programming language. It is very effective at reducing dictionary attacks because it limits the number of attempts allowed against the services we choose to protect. In this example we show the sshd service only. The standard configuration ships with filters for sshd, Apache, Lighttpd, vsftpd, qmail, Postfix and Courier Mail Server.

Log in as the root user and enter the following command to begin the installation.

apt-get install fail2ban


Copy the config file “jail.conf” in /etc/fail2ban/ to “jail.local”:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the file jail.local:

vi /etc/fail2ban/jail.local

With the following content:

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip =
bantime = 3600
maxretry = 3

Email Notifications

Find the line that says destemail and add your email address.

destemail =

Choose the default action

Find the line:

action = %(action_)s

And change it to:

action = %(action_mw)s

Email action: in this case we use sendmail.

# email action. Since 0.8.1 upstream uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

Enable SSH

Find the ssh section in the same file, and adjust it to your needs:

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Once done, restart the service to apply these settings.

service fail2ban restart

Now try to log in to this server over SSH with incorrect information 3 times. We will get one email and cannot SSH to that server for 1 hour with the user we tried.
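To preview what the maxretry = 3 setting above would do before relying on it, the following added example (not part of the original post, and not Fail2Ban's own code) replays constructed auth.log lines through a simplified version of the jail's counting logic. Fail2Ban counts failures per source address inside a time window; the window length (findtime, 600 seconds here), the year argument and the reduced "Failed password" pattern are assumptions, since the page does not set them.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter; the shipped filter has many more patterns.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def would_ban(lines, maxretry=3, findtime=600, ignoreip=(), year=2024):
    """{ip: ban time} for addresses with maxretry failures inside findtime seconds (assumed 600)."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # host name instead of an address: skipped in this sketch
        if str(ip) in banned or any(ip in net for net in ignored):
            continue
        q = recent[str(ip)]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()  # failure is older than the window, stop counting it
        if len(q) >= maxretry:
            banned[str(ip)] = ts
    return banned

# Constructed auth.log lines (documentation address ranges, not real traffic).
SAMPLE = """\
Mar  4 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  4 10:00:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  4 10:00:09 host sshd[1003]: Failed password for root from 198.51.100.20 port 5001 ssh2
Mar  4 10:00:12 host sshd[1004]: Failed password for bob from 203.0.113.7 port 4003 ssh2
Mar  4 10:05:00 host sshd[1005]: Accepted password for alice from 192.0.2.10 port 6001 ssh2
Mar  4 10:20:00 host sshd[1006]: Failed password for root from 198.51.100.20 port 5002 ssh2
Mar  4 10:20:30 host sshd[1007]: Failed password for root from 198.51.100.20 port 5003 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in would_ban(SAMPLE).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

In the sample, 203.0.113.7 reaches three failures within seconds and is banned, while 198.51.100.20 also fails three times but its attempts are spread beyond the window, so it is not; passing a network in ignoreip shows how a trusted range is exempted.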
