How do I install Fail2ban to my DV server?

  • Applies to: DV, DV Developer

  • Difficulty: Hard

  • Time needed: 5 minutes

  • Tools needed: None

 
  • Applies to: DV
    • Difficulty: Hard
    • Time Needed: 20 Minutes
    • Tools Required: SSH, Root access
  • Applies to: DV Developer
    • Difficulty: Hard
    • Time Needed: 20 Minutes
    • Tools Required: SSH, Root access, Python installed

READ ME FIRST

This article is provided as a courtesy. Installing, configuring, and troubleshooting third-party applications is outside the scope of support provided by (mt) Media Temple. Please take a moment to review the Statement of Support.

CloudTech Can Help!

If you’re having trouble with the steps in this article, additional assistance is available via CloudTech, our premium services division. Our expert engineers can install Fail2ban to your server for maximum security. For more information on what CloudTech can do for you, please click here.

Overview

Fail2ban is a program that scans log files and bans IP addresses that show common signs of malicious activity -- hunting for exploits, too many password failures, and so forth. This guide will show you how to install Fail2ban to your DV server.

TIP:

Since the DV Developer is a self-administered hosting solution, you will first need to install Python to your DV Developer server to proceed. (mt) Media Temple cannot assist you with this, but we strongly advise reviewing the official Python documentation for more information.

Instructions

  1. First, you'll need to establish an SSH connection to your server as the root user.
  2. As the root user, run the following command to download Fail2ban:

    wget https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.10

  3. Next, we'll use tar to extract the directory structure:

    tar -xf 0.8.10

  4. Change directory using the cd command:

    cd fail2ban-0.8.10

  5. From the fail2ban install directory, you'll then want to compile and install the software using Python:

    python setup.py install

  6. Next, copy the startup configuration file to the init.d directory on your server:

    cp ./files/redhat-initd /etc/init.d/fail2ban

  7. Now, we'll use chkconfig to adjust the permissions and configure Fail2ban to start when your server reboots:

    chkconfig --add fail2ban
    chkconfig fail2ban on

  8. After the installation is complete, you will want to open the jail.conf configuration file to review the sections listed (e.g. [ssh-iptables]), and change 'enabled' to '= true' for the ones you want enabled:

    vim /etc/fail2ban/jail.conf

    In the configuration process, you will also need to define your email address and log locations. Let's take a look at the following section:

    Filename: /etc/fail2ban/jail.conf

    sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
    logpath  = /var/log/sshd.log

    The above excerpt will become:

    sendmail-whois[name=SSH, dest=you@yourdomain.com, sender=fail2ban@yourserversdomain.net]
    logpath  = /var/log/secure

  9. Now that the jail.conf file has been edited, start Fail2ban up:

    service fail2ban start

    You can then test the rules on a per-service basis using the command below:

    fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

    That's it! Fail2ban is now installed on your server!
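
A pre-flight check for the logpath edit described above, as an added example that is not part of the original article: it lists each enabled jail in a jail.conf-style file and flags any whose log file is missing, since a jail watching a log file that does not exist has nothing to match against. The function names check_jails and demo_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Prints "<jail> <logpath> OK|MISSING"
# for each enabled jail; exit status 1 if any enabled jail's log is unreadable.
check_jails() (
    rc=0
    list=$(awk '
        function emit() { if (enabled && path != "") print jail, path }
        /^[ \t]*[#;]/     { next }                       # comment line
        /^\[/             { emit()                       # new [section] starts
                            jail = substr($0, 2, index($0, "]") - 2)
                            enabled = 0; path = ""; next }
        /^enabled[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); enabled = ($0 ~ /^true/); next }
        /^logpath[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
                            path = $0; next }
        END               { emit() }
    ' "$1") || exit 2
    while read -r jail path; do
        [ -n "$jail" ] || continue
        if [ -r "$path" ]; then
            echo "$jail $path OK"
        else
            echo "$jail $path MISSING"; rc=1
        fi
    done <<EOF
$list
EOF
    exit "$rc"
)

# Constructed sample: one jail fixed as in the article, one still on a missing log.
demo_sample() (
    d=$(mktemp -d) && : > "$d/secure"
    cat > "$d/jail.conf" <<EOF
[ssh-iptables]
enabled  = true
logpath  = $d/secure

[ssh-tcpwrapper]
enabled  = true
logpath  = $d/sshd.log

[proftpd-iptables]
enabled  = false
logpath  = $d/proftpd.log
EOF
    check_jails "$d/jail.conf" && rc=0 || rc=$?
    rm -rf "$d"
    exit "$rc"
)
```

On the server, run check_jails /etc/fail2ban/jail.conf after editing the file and before starting the service; any MISSING line names a jail whose logpath still needs correcting.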

 
