Difference between revisions of "MANUAL 0 8"
Revision as of 15:15, 16 October 2006
Introduction
The problem
Brute-force break-in attempts against SSH servers are quite frequent. Automated scripts try multiple username/password combinations. To be continued...
The solution
Log files contain interesting information, especially about failed logins. This information can be used to ban an offending host. This is exactly what Fail2ban does. It scans log files, detects patterns which correspond to possible break-in attempts and then performs actions. Most of the time, the action consists of adding a new rule to a firewall chain.
Version 0.8 of Fail2ban introduces a lot of new features and improvements. Here is a list of the most important new features:
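The scan, detect and act loop described above, sketched as an added example (this is not Fail2ban's own code). The log lines are constructed, and the threshold, time window, year and chain name are assumptions chosen for illustration; the firewall command is only built, never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Oct 16 15:01:02 host sshd[311]: Failed password for root from 192.0.2.10 port 4001 ssh2
Oct 16 15:01:05 host sshd[312]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
Oct 16 15:01:07 host sshd[313]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Oct 16 15:01:09 host sshd[314]: Failed password for root from 192.0.2.10 port 4003 ssh2
Oct 16 15:02:00 host sshd[315]: Failed password for bob from 203.0.113.5 port 6000 ssh2
Oct 16 15:30:00 host sshd[316]: Failed password for bob from 203.0.113.5 port 6001 ssh2
Oct 16 15:59:00 host sshd[317]: Failed password for bob from 203.0.113.5 port 6002 ssh2
"""

# Anchored at both ends so only the trailing "from <host> port N ssh2" supplies
# the host; text inside the user name field is never read as the address.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .*"
    r" from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2006):
    """Return hosts with >= maxretry failures inside one findtime window."""
    recent = defaultdict(deque)          # host -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["host"] in banned:
            continue
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["host"]]
        q.append(when)
        while when - q[0] > findtime:    # forget failures outside the window
            q.popleft()
        if len(q) >= maxretry:
            banned.append(m["host"])
    return banned

def ban_command(host, chain="fail2ban-ssh"):
    """Build (not run) the rule insertion; the chain name is an assumption."""
    ipaddress.ip_address(host)           # raises ValueError on a malformed address
    return ["iptables", "-I", chain, "1", "-s", host, "-j", "DROP"]

if __name__ == "__main__":
    for h in find_bans(SAMPLE_LOG):
        print(" ".join(ban_command(h)))
```

The host with three failures inside seven seconds is banned, while the host whose three failures are spread over an hour never reaches the threshold inside one window.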
- client/server
- multithreaded
- Gamin support
- autodetection of the date/time format
- wildcard support in logpath option
The code has been completely rewritten since the last stable release. Support for more services (proftpd, sasl, qmail, apache, ssh, etc) and actions (iptables, tcp-wrapper, mail notification with whois information, etc) is now available.
Installation
Compiling Yourself on a GNU/Linux System
You will need to obtain the latest version of the source code in order to compile Fail2ban yourself. Once you have done this, change to the directory where you downloaded the source code and execute the following:
tar xvjf fail2ban-x.x.x.tar.bz2
You will now have the Fail2ban source code extracted to a directory under the current working directory. You must now move to the new directory.
Now run the configure script:
./configure
Finally, compile Fail2ban:
make
If you'd like to install it system-wide, use the following (as root):
make install
Debian
Installing fail2ban on a Debian-based system is very straightforward.
Execute the following command as the root user on an unstable version of Debian:
apt-get install fail2ban