How to install fail2ban on ubuntu 10.10
Install Fail2ban
# apt-get update # apt-get install fail2ban
List IPtables to see if it is running
# iptables -L
You will see this at bottom of IPTables:
Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere
Copy the default .conf file so you can modify it (per the manual you should be editing this file)
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Update the ignoreip line adding your primary ip address (separate ips with a space)
# "ignoreip" can be an IP address, a CIDR mask or a DNS host ignoreip = 127.0.0.1
Add some customizations for apache:
[apache-auth] enabled = true filter = apache-auth action = iptables[name=ApacheAuth, port=http, protocol=tcp] sendmail-whois[name=ApacheAuth, [email protected]] logpath = /var/log/httpd/error_log maxretry = 6
[apache-badbots] enabled = true filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] sendmail-buffered[name=BadBots, lines=5, [email protected]] logpath = /var/log/httpd/access_log bantime = 172800 maxretry = 3 [apache-noscript] enabled = true filter = apache-noscript action = iptables[name=NoScript, port=http, protocol=tcp] sendmail-buffered[name=NoScript, lines=5, [email protected]] logpath = /var/log/httpd/error_log
[php-url-fopen] enabled = true filter = php-url-fopen action = iptables[name=php-url-fopen, port=http, protocol=tcp] sendmail-buffered[name=php-url-fopen, lines=5, [email protected]] logpath = /var/log/httpd/access_log maxretry = 1
restart fail2ban
# /etc/init.d/fail2ban restart