Setting Up Fail2Ban

Abrar Hossain asked:

I am new to fail2ban. I want to set up Fail2Ban such that it bans an IP for one hour on two failed login attempts. I have the following setup:

/etc/fail2ban/jail.local.conf

[DEFAULT]
bantime = 3600
maxretry = 2
backend = systemd
usedns = warn
mode = normal
destemail = <MYEMAIL>
sender = <MYSENDER>
protocol = tcp
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
...
# Choose default action.  To change, just override value of 'action' with
# the interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mw)s

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s


[dropbear]

port     = ssh
logpath  = %(dropbear_log)s
backend  = %(dropbear_backend)s


[selinux-ssh]

port     = ssh
logpath  = %(auditd_log)s

On systemctl status fail2ban.service I see the service is up. My assumption is it is using the jail.local.conf file. There are no errors reported. I don’t have iptables installed. Is that necessary? If so, how do I set it up with my existing fail2ban setup?

My answer:


Your file has the wrong name. fail2ban will read a file named jail.local, not jail.local.conf. Rename the file and restart fail2ban.


View the full question and any other answers on Server Fault.
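
The naming rule from the answer above, as an added check that is not part of the original answer or of Fail2Ban itself: it lists which jail files in a configuration directory Fail2Ban reads (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local, in that order) and which it skips because of their name. The function name jail_files_status and the sample directory layout are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify jail files by whether Fail2Ban will read them.
# Read order: jail.conf, jail.d/*.conf, jail.local, jail.d/*.local

# Print "read <file>" or "ignored <file>" for each jail-related file in DIR.
jail_files_status() {
    local dir=$1 f rel
    # Files Fail2Ban loads, in load order (later files override earlier ones).
    for f in "$dir/jail.conf" "$dir"/jail.d/*.conf "$dir/jail.local" "$dir"/jail.d/*.local; do
        [ -f "$f" ] || continue
        rel=${f#"$dir"/}
        echo "read $rel"
    done
    # Anything else that looks like a jail file is silently skipped by Fail2Ban.
    for f in "$dir"/jail* "$dir"/jail.d/*; do
        [ -f "$f" ] || continue
        rel=${f#"$dir"/}
        case "$rel" in
            jail.conf|jail.local|jail.d/*.conf|jail.d/*.local) ;;
            *) echo "ignored $rel" ;;
        esac
    done
    return 0
}

# Constructed sample layout reproducing the misnamed file from the question.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/jail.d"
touch "$demo_dir/jail.conf" "$demo_dir/jail.local.conf" "$demo_dir/jail.d/sshd.local"
jail_files_status "$demo_dir"
rm -rf "$demo_dir"
```

On a real host, call jail_files_status /etc/fail2ban; after renaming and restarting, fail2ban-client status shows the jails that are actually active.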

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.