Difference between revisions of "MANUAL 0 8"
Lostcontrol (talk | contribs) |
|||
| Line 23: | Line 23: | ||
== Installation == | == Installation == | ||
| − | === | + | === Installing from sources on a GNU/Linux system === |
| − | You will need to obtain the latest version of the [http://sourceforge.net/project/showfiles.php?group_id=121032&package_id=132537 source code] in order to compile {{Fail2ban}} yourself. Once you have done this, change to the directory where you downloaded the source code and execute the following: | + | You will need to obtain the latest version of the [http://sourceforge.net/project/showfiles.php?group_id=121032&package_id=132537 source code] in order to compile {{Fail2ban}} yourself. Once you have done this, change to the directory where you downloaded the source code and execute the following: |
| − | |||
| − | |||
| − | |||
| − | + | tar xvjf fail2ban-x.x.x.tar.bz2 | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | === '' | + | You will have the {{Fail2ban}} source code extracted to a directory under the current working directory. You must now move to the new directory. |
| + | |||
| + | Now run the installation script as root: | ||
| + | |||
| + | ./setup.py install | ||
| + | |||
| + | {{Fail2ban}} should now be installed into ''/usr/lib/fail2ban'' and ''/usr/bin''. | ||
| + | |||
| + | === Debian === | ||
| + | |||
| + | Installing {{Fail2ban}} on a Debian based system is very straightforward. Execute the following code as the '''root''' user on an ''unstable'' version of Debian: | ||
| + | |||
| + | apt-get install fail2ban | ||
| − | |||
| − | |||
| − | |||
| − | |||
The [http://fail2ban.sourceforge.net/wiki/index.php/Fail2ban:About FAQs] have a more detailed explanation of installing using distributions such as [http://debian.org Debian], [http://redhat.com RedHat] and [http://gentoo.org Gentoo] | The [http://fail2ban.sourceforge.net/wiki/index.php/Fail2ban:About FAQs] have a more detailed explanation of installing using distributions such as [http://debian.org Debian], [http://redhat.com RedHat] and [http://gentoo.org Gentoo] | ||
Revision as of 22:01, 16 October 2006
Introduction
The problem
Brute-force breakin attempts are quite frequent against an SSH server. Automated scripts try multiple combinations of username/password and sometimes changing the port to something other than 22 can't be done. Furthermore, scouring your log files yourself is not only time consuming, but can be difficult too.
Fail2ban attempts to aleviate these issues by providing an automated way of not only identifying possible break-in attempts, but acting upon them quickly and easily in a user-definable manor.
The solution
Log files contain interesting information, especially about failed logins. This information can be used to ban an offensive host. This is exactly what Fail2ban does. It scans log files and detect patterns which correspond to possible breakin attempts and then performs actions. Most of the time, it consists of adding a new rule in a firewall chain.
The version 0.8 of Fail2ban introduces a lot of new features and improvements. Here is a list of the most important new features:
- client/server
- multithreaded
- Gamin support
- autodetection of the date/time format
- wildcard support in logpath option
The code has been completely rewritten since the last stable release. Support for more services (proftpd, sasl, qmail, apache, ssh, etc) and actions (iptables, tcp-wrapper, mail notification with whois information, etc) are now available.
Installation
Installing from sources on a GNU/Linux system
You will need to obtain the latest version of the source code in order to compile Fail2ban yourself. Once you have done this, change to the directory where you downloaded the source code and execute the following:
tar xvjf fail2ban-x.x.x.tar.bz2
You will have the Fail2ban source code extracted to a directory under the current working directory. You must now move to the new directory.
Now run the installation script as root:
./setup.py install
Fail2ban should now be installed into /usr/lib/fail2ban and /usr/bin.
Debian
Installing Fail2ban on a Debian based system is very straightforward. Execute the following code as the root user on an unstable version of Debian:
apt-get install fail2ban
The FAQs have a more detailed explanation of installing using distributions such as Debian, RedHat and Gentoo
