No mention of: systemctl start fail2ban systemctl enable fail2ban Had to look for it in a different guide. People who are your target audience are novices to linux, so this info is paramount.
Had problems on minimal CLI Debian install. fail2ban failed during configuration have not found any log file for sshd jail Had to install app rsyslog (sudo apt install rsyslog). Without this app ssh did not create a log file in /var/log/auth.log
I am sorry but at 8:36 you said that the jail for sshd is already set and there is no additional action needed, but then in 8:47 you said that enabled = true is needed????
Hey Jair, sorry for the confusion. What Jay is saying there is that the sshd is enabled by default. Normally, to enable other jails, you would have to manually enter enabled=true. Hope that helps!
@@AkamaiDeveloper Is that a Linode specific setting or something that's universal? I couldn't find any documentation that seems to say sshd is enabled by default.
Just jumping here to clarify some things. At about 4:26 you'll notice that there's a `jail.d` directory. This is an extension of jail.conf per say. If you dive into it, you'll see a defaults conf file which has sshd enabled. Just wanted to clarify for any future viewers.
Fail2ban can block single IP addresses, and even a range of addresses if you find yourself under attack from a specific source. When it comes to server security, it's recommended to follow these best practices www.linode.com/docs/guides/securing-your-server/
Hi..I learnt a lot from linode n i appreciate the details shared.However i hv a query f2b does is monitor the ip but when it bans how can we make it drop those ban ip instead of reject..
It looks like it's possible to configure your iptables to work with Fail2Ban to "Drop" instead of "Reject". Here's an article we found which might help you out: www.the-art-of-web.com/system/fail2ban/
When adding to the "ignoreip" line in jail.local, what if I'm accessing the server in question from another computer in the same network? Do I just enter the local/internal IP of that computer or do I still have to enter its external IP? Thanks!
Jay did that step off camera, here is a link to the guide which outlines commands to install it yourself depending on what distro you're using www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/#how-to-install-fail2ban
I changed my port for accessing ssh in /etc/ssh/sshd_config. In the sshd section of jail.conf/jail.local, it indicates the sshd port as ssh. Does it get the ssh port number from the /etc/ssh/sshd_config file, or do I need to enter the port number in the sshd section of jail.local? NEVER MIND. I just watched Jay's 2019 video on fail2ban and he says in that video that you need to change the port number in jail.local if it is not the standard ssh port (port 22).
I found out from fail2ban github that there’s a bug with the current version working under debian. Its fixable by doing this echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf
No mention of:
systemctl start fail2ban
systemctl enable fail2ban
Had to look for it in a different guide. People who are your target audience are novices to linux, so this info is paramount.
It's basic systemd commands, whenever you install a service, run theses commands
@@alexandre_1a442someone who doesn’t know what fail2ban is, won’t even know what systemd is Xd
Very nicely presented. Short, sweet, and to the point. Excellent job.
Simple, clear and to point
Had problems on minimal CLI Debian install.
fail2ban failed during configuration have not found any log file for sshd jail
Had to install app rsyslog (sudo apt install rsyslog).
Without this app ssh did not create a log file in /var/log/auth.log
I am sorry but at 8:36 you said that the jail for sshd is already set and there is no additional action needed, but then in 8:47 you said that enabled = true is needed????
Hey Jair, sorry for the confusion. What Jay is saying there is that the sshd is enabled by default. Normally, to enable other jails, you would have to manually enter enabled=true. Hope that helps!
@@AkamaiDeveloper Is that a Linode specific setting or something that's universal? I couldn't find any documentation that seems to say sshd is enabled by default.
@@circuitguy9750 All of our distros have sshd configured to start and run by default.
Just jumping here to clarify some things. At about 4:26 you'll notice that there's a `jail.d` directory. This is an extension of jail.conf per say. If you dive into it, you'll see a defaults conf file which has sshd enabled. Just wanted to clarify for any future viewers.
I didnt quite understand why we copying the conf files to local files
Sounds pretty basic and simply installing/turning on Fail2ban is another great security layer of protection for your Linode.
Incredibly concise video! well done!
If I have disabled passworfd logins and I am using ssh key do I still need fail2ban and if yes how do I test it ?
Jay... you rock
What if brute force attack is launched from cloud. You can rotate ip address from cloud ?
Fail2ban can block single IP addresses, and even a range of addresses if you find yourself under attack from a specific source. When it comes to server security, it's recommended to follow these best practices www.linode.com/docs/guides/securing-your-server/
nice now I can keep those Chinese and Indonesian ssh Brute force attempts at bay
Would this work for a Raspberry Pi setup? I'm using it to run Plex Media Server and use an external USB drive to store all my media
Yes, as long as you're using the same distro as in the tutorial, the steps to setting up Fail2ban should be the same.
Great stuff 👍
Hi..I learnt a lot from linode n i appreciate the details shared.However i hv a query f2b does is monitor the ip but when it bans how can we make it drop those ban ip instead of reject..
It looks like it's possible to configure your iptables to work with Fail2Ban to "Drop" instead of "Reject". Here's an article we found which might help you out:
www.the-art-of-web.com/system/fail2ban/
When adding to the "ignoreip" line in jail.local, what if I'm accessing the server in question from another computer in the same network? Do I just enter the local/internal IP of that computer or do I still have to enter its external IP? Thanks!
for a local IP, just put your local IP form your computer ( you can see it by loggin into SSH and look at the SSH logs )
you installed sendmail? Umm,,, where? when? You never showed that step!
Jay did that step off camera, here is a link to the guide which outlines commands to install it yourself depending on what distro you're using www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/#how-to-install-fail2ban
that thigs has some GUI right?
I changed my port for accessing ssh in /etc/ssh/sshd_config. In the sshd section of jail.conf/jail.local, it indicates the sshd port as ssh. Does it get the ssh port number from the /etc/ssh/sshd_config file, or do I need to enter the port number in the sshd section of jail.local?
NEVER MIND. I just watched Jay's 2019 video on fail2ban and he says in that video that you need to change the port number in jail.local if it is not the standard ssh port (port 22).
I am getting ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
does this work with Debian 12?
try:
systemctl start fail2ban
systemctl enable fail2ban
or
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
My response got deleted. Wonder why.
I found out from fail2ban github that there’s a bug with the current version working under debian. Its fixable by doing this
echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf
echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf