READ ME FIRST
This article is provided as a courtesy. Installing, configuring, and troubleshooting third-party applications is outside the scope of support provided by (mt) Media Temple. Please take a moment to review the Statement of Support.
If you're having trouble with the steps in this article, additional assistance is available via Advanced Support, our premium services division.
Overview
Fail2ban is a program that scans log files and bans IP addresses that show common signs of malicious activity -- hunting for exploits, too many password failures, and so forth. This guide will show you how to install Fail2ban on your DV server.
TIP:
Since the DV Developer is a self-administered hosting solution, you will first need to install Python on your DV Developer server to proceed. (mt) Media Temple cannot assist you with this, but we strongly advise reviewing the official Python documentation for more information.
Instructions
- First, you'll need to establish an SSH connection to your server as the root user.
- As the root user, run the following command to download Fail2ban:
wget https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.13
- Next, we'll use tar to extract the directory structure:
tar -xf 0.8.13
- Change directory using the cd command:
cd fail2ban-0.8.13
- From the fail2ban install directory, you'll then want to compile and install the software using Python:
python setup.py install
- Next, copy the startup configuration file to the init.d directory on your server:
cp ./files/redhat-initd /etc/init.d/fail2ban
- Now, we'll use chkconfig to adjust the permissions and configure Fail2ban to start when your server reboots:
chkconfig --add fail2ban
chkconfig fail2ban on
- After the installation is complete, open the jail.local configuration file, review the sections listed (e.g. [ssh-iptables]), and set 'enabled = true' for the ones you want enabled:
vim /etc/fail2ban/jail.local
In the configuration process, you will also need to define your email address and log locations. Let's take a look at the following section:
Filename: /etc/fail2ban/jail.conf
sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath = /var/log/sshd.log
The above excerpt will become:
sendmail-whois[name=SSH, dest=you@yourdomain.com, sender=fail2ban@yourserversdomain.net]
logpath = /var/log/secure
- Now that the jail.conf file has been edited, start Fail2ban up:
service fail2ban start
You can then test the rules on a per-service basis using the command below:
fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf
That's it! Fail2ban is now installed on your server!
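A jail whose logpath points at a file that does not exist (such as the default /var/log/sshd.log in the excerpt above) never sees a failed login, so it is worth checking the edited file before relying on it. The script below is an added example, not part of the original article or of Fail2ban itself; the function name audit_jails and the sample configuration are assumptions made for illustration.

```python
import configparser
import glob
import sys

# Constructed sample in jail.conf layout; the [ssh-iptables] values mirror the
# excerpt on this page, the second jail is made up for contrast.
SAMPLE = """\
[DEFAULT]
maxretry = 3

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath = /var/log/sshd.log

[example-disabled]
enabled = false
filter = sshd
logpath = /var/log/secure
"""

PLACEHOLDER = "you@mail.com"  # default dest shown in the page's excerpt


def audit_jails(text):
    """Return {jail: [problems]} for each enabled jail in the config text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for jail in cp.sections():
        if cp.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue  # a disabled jail never reads its log, so skip it
        problems = []
        paths = cp.get(jail, "logpath", fallback="").split()
        if not paths:
            problems.append("no logpath set")
        for path in paths:
            if not glob.glob(path):  # logpath may contain wildcards
                problems.append("logpath missing: " + path)
        if PLACEHOLDER in cp.get(jail, "action", fallback=""):
            problems.append("placeholder dest address still in action")
        report[jail] = problems
    return report


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for jail, problems in audit_jails(text).items():
        print(jail, "OK" if not problems else "; ".join(problems))
```

Run it with the path of the file you edited as the only argument; with no argument it audits the built-in sample.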