Fail2ban

Ban hosts that cause multiple authentication errors.

Installation from git

The version included in the wheezy repository (0.8.6) has serious issues with timezones and other bugs, so you may want to use the latest version from the git repository.

  1. clone repository
    git clone https://github.com/fail2ban/fail2ban.git
  2. change directory and install the app
    cd fail2ban
    python setup.py install
  3. copy config files
    cp config/* /etc/fail2ban/
  4. print iptables version
    iptables --version
  5. if the iptables version is lower than 1.4.20, edit /etc/fail2ban/action.d/iptables-common.conf and set lockingopt to an empty string:
    lockingopt =
  6. create startup script and start the service
    cp files/debian-initd /etc/init.d/fail2ban
    update-rc.d fail2ban defaults
    service fail2ban start
  • NOTE: the installation script registers the app with the Python package system, so uninstalling (in case you want to switch back to the distribution package) is as easy as
    pip uninstall fail2ban
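
Steps 4 and 5 can be scripted so the version check is not done by eye. The following is an added example, not part of the original page or the fail2ban project; the function names and the "apply" argument are hypothetical, while the path and the 1.4.20 cut-off come from step 5.

```sh
#!/bin/sh
# Added example (not from the fail2ban project): automate steps 4-5 above.
THRESHOLD="1.4.20"                                   # cut-off version from step 5
CONF="/etc/fail2ban/action.d/iptables-common.conf"   # path from step 5

# Pull the dotted version out of `iptables --version` output,
# e.g. "iptables v1.4.14" or "iptables v1.8.7 (nf_tables)".
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# Succeed when version $1 is strictly lower than $2. Fields are compared
# numerically, so 1.4.3 sorts below 1.4.20 (a plain string compare gets this wrong).
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Rewrite the lockingopt line of config file $1 to an empty value, keeping $1.bak.
clear_lockingopt() {
    cp -p "$1" "$1.bak" || return 1
    sed 's/^lockingopt[[:space:]]*=.*/lockingopt =/' "$1.bak" > "$1"
}

# Print "clear", "keep" or "unknown" for a given `iptables --version` output string.
decide() {
    ver=$(parse_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if version_lt "$ver" "$THRESHOLD"; then echo "clear"; else echo "keep"; fi
}

# Run with the argument "apply" (as root) to act on the live system;
# without it the script only defines the functions above.
if [ "${1:-}" = "apply" ]; then
    case $(decide "$(iptables --version)") in
        clear) clear_lockingopt "$CONF" && echo "lockingopt emptied in $CONF" ;;
        keep)  echo "iptables >= $THRESHOLD, lockingopt left unchanged" ;;
        *)     echo "could not parse iptables version, nothing changed" >&2; exit 1 ;;
    esac
fi
```

Restart the service after the file is changed so the new action definition is loaded.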

Cleaning/shrinking the sqlite3 file

  DELETE FROM bans WHERE DATE(timeofban, 'unixepoch') < '2020-01-01'; VACUUM;

Asterisk

Change the default context in /etc/fail2ban/filter.d/asterisk in the following line:

^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Call from '[^']*' \(<HOST>:\d+\) to extension '\d+' rejected because extension not found in context 'default'\.$
 
linux/fail2ban.txt · Last modified: 2020/12/09 23:29 by admin