How to Install Fail2ban

I use the following fail2ban install procedure on Debian, but the principle is much the same on other OSes; at most you change the commands or the file locations.

Fail2ban is used to prevent brute-force attacks: it bans an IP address when a client enters the wrong login password several times.

On Debian, the install command is as follows (run it as root):

# apt-get install fail2ban -y

On CentOS, Red Hat and Fedora, it is as follows:

# wget -O fail2ban-0.8.4.tar.bz2 "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=ufpr"
# tar -xjvf fail2ban-0.8.4.tar.bz2
# cd fail2ban-0.8.4
# python setup.py install

Autostart on Red Hat, CentOS and Fedora:

# cp files/redhat-initd /etc/init.d/fail2ban
# chkconfig --add fail2ban
# chkconfig fail2ban on
# service fail2ban start

After that, copy the fail2ban settings:

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

jail.conf holds the base settings and is best left unchanged; we copy it to jail.local and make our edits there:

# nano /etc/fail2ban/jail.local

Look at the bantime line: 600 seconds = 10 minutes, which is not long enough, so change bantime = 600 to bantime = 86400 🙂

The complete configuration looks roughly like this:

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 172.31.0.0/24 10.10.0.0/24 192.168.0.0/24
bantime = 86400
maxretry = 5

[ssh-iptables]
enabled = true
filter = sshd
# dest/sender below are placeholder addresses; replace them with your own
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/auth.log
maxretry = 5

On CentOS, Red Hat or Fedora, change the log path to logpath = /var/log/secure.
Save the file, then restart fail2ban:

# /etc/init.d/fail2ban restart

Check iptables: there should now be additional fail2ban entries in it, and any IPs that have already been blocked show up there as well:

# iptables -L

To display the log entries for wrong passwords:

# cat /var/log/auth.log | grep 'Failed password' | sort | uniq -c
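
To see which source addresses the [ssh-iptables] jail above would act on, the failed-password lines can be counted per IP while honouring ignoreip and maxretry. This is an added example, not part of the original post or of fail2ban's own code; the function names and the sample log lines are constructed for illustration, and it ignores fail2ban's findtime window for simplicity.

```python
import ipaddress
import re
from collections import Counter

# Values taken from the jail.local shown above.
IGNOREIP = "127.0.0.1 172.31.0.0/24 10.10.0.0/24 192.168.0.0/24"
MAXRETRY = 5

# Matches OpenSSH failed-password lines, including the "invalid user" variant.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def parse_ignoreip(value):
    """Turn the space-separated ignoreip value into network objects."""
    return [ipaddress.ip_network(item, strict=False) for item in value.split()]

def failures_per_ip(lines, ignore_nets):
    """Count failed-password lines per source IP, skipping ignored networks."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:  # e.g. 999.1.1.1 in a malformed line
            continue
        if not any(ip in net for net in ignore_nets):
            counts[str(ip)] += 1
    return counts

def would_ban(lines, ignoreip=IGNOREIP, maxretry=MAXRETRY):
    """Return the sorted list of IPs that reached maxretry failures."""
    counts = failures_per_ip(lines, parse_ignoreip(ignoreip))
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE_LOG = (
    ["Mar  3 10:0%d:01 host sshd[2101]: Failed password for root "
     "from 203.0.113.7 port 40022 ssh2" % i for i in range(5)]
    + ["Mar  3 10:1%d:01 host sshd[2102]: Failed password for invalid user admin "
       "from 198.51.100.9 port 51000 ssh2" % i for i in range(3)]
    + ["Mar  3 10:2%d:01 host sshd[2103]: Failed password for bob "
       "from 192.168.0.15 port 52000 ssh2" % i for i in range(6)]
    + ["Mar  3 10:30:01 host sshd[2104]: Accepted password for bob "
       "from 203.0.113.7 port 40100 ssh2"])

if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG))
```

On the sample, 192.168.0.15 fails six times but is never listed because it falls inside an ignoreip range, which is why that list should stay as narrow as possible.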

Check whether fail2ban is working; if the answer is "Server replied: pong", it is running normally:

# fail2ban-client ping

For those who use APF, a little extra configuration is needed:

# cp /etc/fail2ban/action.d/shorewall.conf /etc/fail2ban/action.d/apf.conf
# nano /etc/fail2ban/action.d/apf.conf

Edit it to look like this:

actionban = apf --deny <ip>
actionunban = apf --remove <ip>

Then open jail.local:

# nano /etc/fail2ban/jail.local

Edit it to look like this:

banaction = apf

