Skip to content

Fail2Ban

Jump to bottom Edit New page
PhysK edited this page Jan 22, 2020 · 1 revision

Table of Contents

  1. Intro
  2. Protect your Server
  3. Ban bad IPs-24h
  4. Ban bad IPs-48h
  5. Ban bad IPs-7Days
  6. unban IPs

1. Intro

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

2. Protect your Server

When you install PTSguide, fail2ban is installed by default. The basic settings are created directly, as well as the service runs with default settings.

Here in this section, you will only be told a little bit more about "fail2ban" and some settings on how to optimize your "fail2ban-service".

3. Ban bad IPs 24h

PLEASE be careful !!! if you ban your IP you must wait for 24h to rejoin the Server.

// only for EXPERT \

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Please ONLY change this! // change this --> // scroll down // Please ONLY change this!

"bantime" is the number of seconds that a host is banned."

**bantime  = 86400m**

"A host is banned if it has generated "max-retry" during the last "find-time" seconds."

**findtime  = 36000m**

"maxretry" is the number of failures before a host gets banned."

**maxretry = 3**

Please ONLY change this !

short info :

bann time = time for IP bans

findtime = the time to find the IP in the log

maxretry = maximum retries before banning the IP

  1. CTRG + X ( then Y )

  2. /etc/init.d/fail2ban restart

  3. cd /var/log/

  4. tail -f fail2ban.log

4. Ban bad IPs 48h

PLEASE be careful !!! if you ban your IP you must wait for 24h to rejoin the Server.

// only for EXPERT \

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Please ONLY change this ! // change this --> // scroll down // Please ONLY change this !

* "bantime" is the number of seconds that a host is banned.
bantime  = 172800m

* A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime  = 86400m

* "maxretry" is the number of failures before a host gets banned.
maxretry = 3

Please ONLY change this !

  1. CTRG + X ( then Y )

  2. /etc/init.d/fail2ban restart

  3. cd /var/log/

  4. tail -f fail2ban.log

5. Ban bad IPs 7D

PLEASE be careful !!! if you ban your IP you must wait for 24h to rejoin the Server.

// only for EXPERT \

  1. cd /etc/fail2ban/
  2. cp jail.conf backup.jail.conf
  3. nano jail.conf

Please ONLY change this ! // change this --> // scroll down // Please ONLY change this !

* "bantime" is the number of seconds that a host is banned.
bantime  = 604800m

* A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime  = 172800m

* "maxretry" is the number of failures before a host gets banned.
maxretry = 2

Please ONLY change this !

  1. CTRG + X ( then Y )

  2. /etc/init.d/fail2ban restart

  3. cd /var/log/

  4. tail -f fail2ban.log

6. unban IPs

With Fail2Ban v0.8.8 and later:

fail2ban-client set sshd unbanip IPADDRESSHERE

  1. login over secondary IP ( not banned IP )
  2. fail2ban-client status ( normaly PTSGuide use this one sshd )
  3. cat /var/log/fail2ban.log
  4. find the IP -> right side are
  5. copy the IP if you want to unban !!! ( own risk )
  6. fail2ban-client set sshd unbanip IPADDRESSHERE
  7. try to login !
  8. if it failed
  9. go back to step 2.)
  10. be careful what IP you want to UNBAN !!

Wiki - Wiki

Useful Starter Links

  1. Introduction
  2. G-Suite Signup
  3. Recommended NewsHosts
  4. Change Log

Prior Planning 101

  1. Recommended Pre-Reading
  2. Server - Storage Planning
  3. Usenet or BitTorrent
  4. PTS Editions
  5. PTS Folder Structure
  6. PTS-Repos
  7. Common Issues

Deploy & Config

PTS-Team
  1. SSH Server Access
  2. Install PTS
  3. WatchTower
  4. Remote Path Mappings

Data Transport
  1. PTS Clone
    1. Google OAuth Keys
    2. PTS Move
    3. PTS Blitz
    4. 2nd HD Option

Key Components

  1. Traefik
  2. Port Guard
  3. PTS Shield
  4. PTS Press
  5. Google Cloud - GCE
    1. Automated setup
  6. Hetzner Cloud
  7. PTS Fork
  8. Extra PTS Commands

Blitz App Info

  1. Accessing PTS Apps
  2. App Port Scheme

Tools & Services

Core Apps [Expand]
  1. Emby
  2. Jackett
  3. Jellyfin
  4. LazyLibrarian
  5. Lidarr
  6. Netdata
  7. NZBGet
  8. Ombi
  9. Plex
  10. Portainer
  11. qBittorrent
  12. Radarr
  13. Radarr4k
  14. RadarrHDR
  15. RuTorrent
  16. SABnzbd
  17. Sonarr
  18. Sonarr4k
  19. SonarrHDR
  20. Tautulli
  21. JDownloader2
Community Apps [Expand]
  1. AirSonic
  2. Bazarr
  3. Bitwarden
  4. BookSonic
  5. cAdvisor
  6. Cloud Commander
  7. Deluge
  8. DelugeVPN
  9. Dozzle
  10. Duplicati
  11. Filebrowser
  12. FlexGet
  13. Gazee
  14. Headphones
  15. Heimdall
  16. HomeAssistant
  17. jd2-openvpn
  18. Kitana
  19. Logarr
  20. MakeMKV
  21. MariaDB
  22. McMyadmin
  23. MEDUSA
  24. Mellow
  25. Miniflux
  26. Monitorr
  27. Muximux
  28. Mylar
  29. NextCloud
  30. NowShowing
  31. NZBHydra2
  32. Organizr
  33. plpp
  34. pyLoad
  35. qBittorrent
  36. QBittorrent VPN
  37. radarrsyncarr
  38. Resilio
  39. rflood-openvpn
  40. rutorrent-openvpn
  41. Shoko Anime Server
  42. SpeedTest
  43. SyncLounge
  44. Teamspeak3
  45. The Lounge
  46. Transmission
  47. Trakt.or
  48. Ubooquity
  49. Varken
  50. vnc-xfce
  51. vnstat
  52. ZeroTier

Misc Info & Articles

  1. Change Server Time
  2. Fail2Ban
  3. Custom Containers
  4. Deploying Varken, Influx, Telegraf, Grafana
  5. cloneclean commands
  6. Understanding htop
Scripts
  1. Scripting Area
    1. Auto Upload for Sonarr and Lidarr
    2. Auto Delete Log
    3. Plex Plugin DB Backup
    4. Plex fast BACKUP
    5. Delete All Unmonitored from Radarr
Clone this wiki locally