Fail2Ban - n05urpr1532-MHA-Team/PTS-Team GitHub Wiki


Table of Contents

  1. Intro
  2. Protect your Server
  3. Ban bad IPs-24h
  4. Ban bad IPs-48h
  5. Ban bad IPs-7Days
  6. unban IPs

1. Intro

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.


2. Protect your Server

When you install PTSguide, fail2ban is installed by default. The basic settings are created right away, and the service runs with the default settings.

This section only tells you a little more about fail2ban and some settings for optimizing your fail2ban service.


3. Ban bad IPs 24h

PLEASE be careful! If you ban your own IP, you must wait 24h to rejoin the server.

Only for EXPERTS:

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Scroll down and change ONLY the following settings:

"bantime" is the number of seconds that a host is banned.

**bantime  = 86400**

A host is banned if it has generated "maxretry" failures during the last "findtime" seconds.

**findtime  = 36000**

"maxretry" is the number of failures before a host gets banned.

**maxretry = 3**

Please ONLY change these settings!

Short info:

bantime = how long the IP stays banned

findtime = the time window searched in the log for failures from the IP

maxretry = maximum retries before banning the IP

  1. CTRL + X ( then Y )

  2. /etc/init.d/fail2ban restart

  3. cd /var/log/

  4. tail -f fail2ban.log


4. Ban bad IPs 48h

PLEASE be careful! If you ban your own IP, you must wait 24h to rejoin the server.

Only for EXPERTS:

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Scroll down and change ONLY the following settings:

* "bantime" is the number of seconds that a host is banned.
bantime  = 172800

* A host is banned if it has generated "maxretry" failures during the last "findtime" seconds.
findtime  = 86400

* "maxretry" is the number of failures before a host gets banned.
maxretry = 3

Please ONLY change these settings!

  1. CTRL + X ( then Y )

  2. /etc/init.d/fail2ban restart

  3. cd /var/log/

  4. tail -f fail2ban.log


5. Ban bad IPs 7D

PLEASE be careful! If you ban your own IP, you must wait 24h to rejoin the server.

Only for EXPERTS:

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Scroll down and change ONLY the following settings:

* "bantime" is the number of seconds that a host is banned.
bantime  = 604800

* A host is banned if it has generated "maxretry" failures during the last "findtime" seconds.
findtime  = 172800

* "maxretry" is the number of failures before a host gets banned.
maxretry = 2

Please ONLY change these settings!

  1. CTRL + X ( then Y )

  2. /etc/init.d/fail2ban restart

  3. cd /var/log/

  4. tail -f fail2ban.log


6. unban IPs

With Fail2Ban v0.8.8 and later:

fail2ban-client set sshd unbanip IPADDRESSHERE

  1. log in over a secondary IP ( not the banned IP )
  2. fail2ban-client status ( normally PTSGuide uses the jail sshd )
  3. cat /var/log/fail2ban.log
  4. find the IP -> right side are
  5. copy the IP you want to unban ( at your own risk! )
  6. fail2ban-client set sshd unbanip IPADDRESSHERE
  7. try to log in!
  8. if it fails,
  9. go back to step 2
  10. be careful which IP you UNBAN!
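
For steps 3 to 5, reading the whole log by eye makes it easy to pick an IP that was already unbanned or one that is not yours. The script below is an added example, not part of the original wiki or of PTSguide; it lists the IPs whose most recent log event in a jail is a ban. The function names `still_banned` and `is_banned` are hypothetical, and the sample log lines are constructed in the usual fail2ban.log layout.

```shell
#!/bin/sh
# Added example: list IPs whose most recent fail2ban.log event in a jail is a ban.

# Constructed sample lines in the usual fail2ban.log layout (documentation IPs).
sample_log() {
cat <<'EOF'
2024-05-01 10:00:01,100 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:01
2024-05-01 10:00:09,412 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:05:30,020 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-05-01 11:00:00,500 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 11:30:12,003 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.0.2.44
2024-05-01 11:30:13,003 fail2ban.actions [812]: NOTICE  [sshd] 192.0.2.44 already banned
2024-05-01 12:00:00,000 fail2ban.actions [812]: NOTICE  [sshd] Restore Ban 192.0.2.44
EOF
}

# still_banned JAIL   (log on stdin)  ->  "IP<TAB>time of latest ban", sorted
still_banned() {
    awk -v jail="[$1]" '
    {
        for (i = 1; i <= NF; i++) if ($i == jail) break
        if (i > NF) next                       # line belongs to another jail
        act = $(i + 1); ip = $NF
        if (act == "Restore") act = $(i + 2)   # "Restore Ban IP" after a restart
        if (act == "Ban")        since[ip] = $1 " " substr($2, 1, 8)
        else if (act == "Unban") delete since[ip]
    }
    END { for (ip in since) print ip "\t" since[ip] }' | sort
}

# is_banned JAIL IP   (log on stdin)  ->  exit status 0 if IP is still banned
is_banned() {
    still_banned "$1" | cut -f1 | grep -Fxq "$2"
}

# On a server: still_banned sshd < /var/log/fail2ban.log
sample_log | still_banned sshd
```

The log only covers the period since its last rotation, so `fail2ban-client status sshd` remains the authoritative list of current bans.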
