> yum install gamin python
gamin and python are both probably already installed, but it doesn't hurt to check. gamin is optional (fail2ban falls back to polling the logs if it is absent).
> cd /var/tmp
Or wherever you feel like having a temp directory.
> wget http://sourceforge.net/projects/fail2ban/files/latest/download?source=files
As long as fail2ban keeps up to date on sourceforge this will get you the latest version. Check what wget actually named the download: if it is not fail2ban-<version>.tar.bz2, rename it (or rerun with wget -O fail2ban.tar.bz2 ...) so the wildcards below find it. Since this is a plain http fetch, compare the tarball's checksum against the one published on the download page before unpacking it.
> tar -xjvf fail2ban*
Using a wildcard will work so you don't have to worry about version numbers (-j is for the .tar.bz2 release; use -z for a .tar.gz). The results could be unexpected if you failed to clean out your tmp directory first and more than one thing matches fail2ban*.
> cd fail2ban*
Ditto above.
> python setup.py install
This is what actually installs fail2ban and its associated files into the correct places. Run it as root; note that yum knows nothing about files installed this way, so upgrades are your job too.
> cp files/redhat-initd /etc/init.d/fail2ban
You'll need to manually copy the redhat initd into the appropriate place and make sure it is executable (chkconfig needs that). If you're not on a redhat based distro, make sure that you copy the correct file from files/ to the correct place.
Create a jail.local file in /etc/fail2ban and add your personal settings there. Using jail.conf isn't the greatest idea as it will be overwritten if you upgrade; anything you set in jail.local overrides the same-named setting in jail.conf.
You will have to add a default action to jail.local (in its [DEFAULT] section) depending on your configuration. This is most likely something akin to:
banaction = iptables-multiport
action = %(banaction)s[name=%(__name__)s, port="%(port)s"]
banaction names the action script in /etc/fail2ban/action.d (here iptables-multiport.conf), and action tells fail2ban how to invoke it: %(__name__)s expands to the jail's name and %(port)s to the jail's port setting, so each jail gets its own fail2ban-<name> iptables chain.
Add any additional filters to /etc/fail2ban/filter.d, one .conf file per filter, and enable each one with a matching [section] in jail.local that sets enabled, filter (the .conf name without the extension), logpath and maxretry.
> chkconfig --add fail2ban
Make fail2ban available at startup by adding the service.
> chkconfig fail2ban on
Make fail2ban run at startup.
> service fail2ban start
Start the fail2ban service.
That should take care of it barring any configuration-specific errors (check /var/log/fail2ban.log if the service does not come up).
Additional fail2ban filters for common Apache nonsense. Each one goes into /etc/fail2ban/filter.d as its own .conf and gets its own jail section in jail.local; all three match Apache's error_log "File does not exist" lines, so the jail's logpath should point at that log, not access_log. Note that the phpmyadmin pattern has no trailing anchor, so it also fires on any missing path with a component that merely starts with one of the listed words (admin, mysql, ...); run fail2ban-regex against a real error_log before enabling a jail to see what it would catch.
phpmyadmin
# Fail2Ban configuration file
#
# Author: Garth Metzger ([email protected])
#
[Definition]
pma = pma|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|mysqldb|mydb|pmadb
# Option: failregex
# Notes.: regex to match phpmyadmin probes.
# Values: TEXT
#
failregex = [[]client <HOST>[]] File does not exist: .*/(?:%(pma)s)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
w00tw00t
# Fail2Ban configuration file
#
# Author: Garth Metzger ([email protected])
#
[Definition]
# Option: failregex
# Notes.: regex to match failures to find w00tw00t. Even though the w00tw00t
#         itself is probably harmless, it's almost guaranteed that anyone
#         trying this will try more attacks soon after.
# Values: TEXT
#
failregex = [[]client <HOST>[]] File does not exist: .*w00tw00t.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
xrumer
# Fail2Ban configuration file
#
# Author: Garth Metzger ([email protected])
#
[Definition]
# Option: failregex
# Notes.: regex to match xrumer nonsense by grepping its results.
# Example: ++++++++++Result:+forum+not+found+
# Values: TEXT
#
failregex = [[]client <HOST>[]] File does not exist: .*\+\+Result:.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
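To see what the three filters above actually catch without a running fail2ban, here is an added Python example written for this page (it is not fail2ban's own code, nor the post author's). It parses each filter's [Definition] the way fail2ban does (configparser %(name)s interpolation, <HOST> substitution), runs the failregex/ignoreregex pair over a few constructed Apache 2.2 error_log lines, and applies a maxretry threshold. The sample log lines, the documentation IPs in them and the per-jail maxretry values are this example's assumptions; fail2ban's findtime window and the ban actions themselves are not modelled.

```python
"""Emulate fail2ban matching for the post's three Apache filters (added example)."""
import configparser
import re
import warnings
from collections import Counter

# fail2ban's [[] and []] idiom for a literal [ and ] makes newer Pythons warn
# about a "possible nested set"; the regexes are fine, so silence that warning.
warnings.filterwarnings("ignore", category=FutureWarning)

# How fail2ban 0.8 expands the <HOST> placeholder (optional IPv4-mapped IPv6 prefix).
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The [Definition] sections of the three filters from the post, embedded so this runs offline.
FILTERS = {
    "phpmyadmin": r"""
[Definition]
pma = pma|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|mysqldb|mydb|pmadb
failregex = [[]client <HOST>[]] File does not exist: .*/(?:%(pma)s)
ignoreregex =
""",
    "w00tw00t": r"""
[Definition]
failregex = [[]client <HOST>[]] File does not exist: .*w00tw00t.*
ignoreregex =
""",
    "xrumer": r"""
[Definition]
failregex = [[]client <HOST>[]] File does not exist: .*\+\+Result:.*
ignoreregex =
""",
}

# Constructed Apache 2.2 error_log lines using documentation IPs; not a real log.
# The last line is a legitimate missing icon that the unanchored "admin" alternative also catches.
SAMPLE_LOG = """\
[Sun Mar 06 10:11:12 2011] [error] [client 203.0.113.7] File does not exist: /var/www/html/phpmyadmin
[Sun Mar 06 10:11:13 2011] [error] [client 203.0.113.7] File does not exist: /var/www/html/pma
[Sun Mar 06 10:11:14 2011] [error] [client 203.0.113.7] File does not exist: /var/www/html/mysqladmin
[Sun Mar 06 10:11:15 2011] [error] [client 198.51.100.9] File does not exist: /var/www/html/w00tw00t.at.ISC.SANS.DFind:)
[Sun Mar 06 10:11:16 2011] [error] [client 192.0.2.4] File does not exist: /var/www/html/++++++++++Result:+forum+not+found+
[Sun Mar 06 10:11:17 2011] [error] [client 192.0.2.4] File does not exist: /var/www/html/favicon.ico
[Sun Mar 06 10:11:18 2011] [error] [client 203.0.113.7] Client sent malformed Host header
[Sun Mar 06 10:11:19 2011] [error] [client 203.0.113.99] File does not exist: /var/www/html/images/admin_icon.png
""".splitlines()


def compile_filter(conf_text):
    """Parse a filter's [Definition] like fail2ban and compile its fail/ignore regexes."""
    cp = configparser.ConfigParser()  # BasicInterpolation resolves %(pma)s from the same section
    cp.read_string(conf_text)
    sect = cp["Definition"]

    def compile_all(value):
        return [re.compile(r.replace("<HOST>", HOST_RE)) for r in value.splitlines() if r.strip()]

    return compile_all(sect["failregex"]), compile_all(sect.get("ignoreregex", fallback=""))


def scan(lines, conf_text):
    """Count failregex hits per host, skipping any line that matches ignoreregex."""
    failregex, ignoreregex = compile_filter(conf_text)
    hits = Counter()
    for line in lines:
        if any(r.search(line) for r in ignoreregex):
            continue
        for r in failregex:
            m = r.search(line)
            if m:
                hits[m.group("host")] += 1  # one hit per line, like fail2ban
                break
    return hits


def to_ban(hits, maxretry):
    """Hosts a jail with this maxretry would ban (all sample lines fall inside one findtime)."""
    return sorted(host for host, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    # maxretry per jail is this example's choice: 3 for phpmyadmin, 1 for the two scanner signatures.
    for name, maxretry in (("phpmyadmin", 3), ("w00tw00t", 1), ("xrumer", 1)):
        hits = scan(SAMPLE_LOG, FILTERS[name])
        print(name, dict(hits), "ban:", to_ban(hits, maxretry))
```

Running it shows 203.0.113.7 banned by the phpmyadmin jail after three probes, the two scanners banned on their first hit, and 203.0.113.99 picking up a phpmyadmin hit for a missing admin_icon.png; that last one is the false-positive class to watch for when tuning maxretry for the phpmyadmin jail. Against a real log, fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/phpmyadmin.conf gives the authoritative answer.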