install fail2ban ubuntu 10.10

September 12, 2011

How to install fail2ban on ubuntu 10.10

Install Fail2ban

# apt-get update
# apt-get install fail2ban

List the iptables rules to confirm that fail2ban is running and has added its chain

# iptables -L

You should see this at the bottom of the iptables output:

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Copy the default jail.conf to jail.local and make your changes in the copy (per the manual, jail.local is the file you should be editing; jail.conf can be overwritten by a package upgrade)

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

In jail.local, update the ignoreip line, adding your primary IP address (separate IPs with a space). Addresses on this list are never banned, so list only hosts you control.

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
# Entries are separated by spaces. Only the loopback address is listed here;
# append your own address after it, and prefer a single IP over a wide CIDR
# range, since every listed address is exempt from all jails.
ignoreip = 127.0.0.1

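Add some customizations for Apache to jail.local (if the copied file already defines a jail with the same name, edit that section instead of adding a second one):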

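# Apache authentication failures: ban the source and mail a whois report.
[apache-auth]
enabled = true
filter = apache-auth
# The second action line must be indented. An unindented line is not read as
# a continuation of "action", so the mail notification would silently be lost.
# dest is a placeholder (the address was obfuscated on the original page);
# set it to the mailbox that should receive ban reports.
# NOTE: this action blocks port http only. If the site is also served over
# https, iptables-multiport with port="http,https" covers both.
action = iptables[name=ApacheAuth, port=http, protocol=tcp]
         sendmail-whois[name=ApacheAuth, dest=you@example.com]
# Ubuntu's Apache package logs under /var/log/apache2 (/var/log/httpd is the
# Red Hat layout). Adjust if your virtual hosts log elsewhere.
logpath = /var/log/apache2/error.log
# Failures allowed from one address before it is banned.
maxretry = 6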
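# Known bad crawlers, matched by the apache-badbots filter in the access log.
[apache-badbots]
enabled = true
filter = apache-badbots
# The second action line must be indented. An unindented line is not read as
# a continuation of "action", so the mail notification would silently be lost.
# dest is a placeholder (the address was obfuscated on the original page);
# set it to the mailbox that should receive ban reports.
action = iptables-multiport[name=BadBots, port="http,https"]
         sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
# Ubuntu's Apache package logs under /var/log/apache2 (/var/log/httpd is the
# Red Hat layout). Adjust if your virtual hosts log elsewhere.
logpath = /var/log/apache2/access.log
# Ban duration in seconds (172800 s = 48 hours).
bantime = 172800
maxretry = 3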
 
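# Requests for scripts that do not exist on the server (apache-noscript filter).
[apache-noscript]
enabled = true
filter = apache-noscript
# The second action line must be indented. An unindented line is not read as
# a continuation of "action", so the mail notification would silently be lost.
# dest is a placeholder (the address was obfuscated on the original page);
# set it to the mailbox that should receive ban reports.
# NOTE: this action blocks port http only. If the site is also served over
# https, iptables-multiport with port="http,https" covers both.
action = iptables[name=NoScript, port=http, protocol=tcp]
         sendmail-buffered[name=NoScript, lines=5, dest=you@example.com]
# Ubuntu's Apache package logs under /var/log/apache2 (/var/log/httpd is the
# Red Hat layout). Adjust if your virtual hosts log elsewhere.
# No maxretry is set in this jail, so the value from [DEFAULT] applies.
logpath = /var/log/apache2/error.log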
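# Requests matched by the php-url-fopen filter (remote URLs passed as request
# parameters, as seen in remote-file-inclusion probes).
[php-url-fopen]
enabled = true
filter = php-url-fopen
# The second action line must be indented. An unindented line is not read as
# a continuation of "action", so the mail notification would silently be lost.
# dest is a placeholder (the address was obfuscated on the original page);
# set it to the mailbox that should receive ban reports.
# NOTE: this action blocks port http only. If the site is also served over
# https, iptables-multiport with port="http,https" covers both.
action = iptables[name=php-url-fopen, port=http, protocol=tcp]
         sendmail-buffered[name=php-url-fopen, lines=5, dest=you@example.com]
# Ubuntu's Apache package logs under /var/log/apache2 (/var/log/httpd is the
# Red Hat layout). Adjust if your virtual hosts log elsewhere.
logpath = /var/log/apache2/access.log
# A single matching request triggers the ban. Review the filter against your
# own applications first if any of them legitimately accept URLs as parameters.
maxretry = 1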

Restart fail2ban so the new jails are loaded (running fail2ban-client status afterwards should list them):

# /etc/init.d/fail2ban restart