
Fail2Ban is a comprehensive tool for blocking unwanted traffic from bots and attackers to your server (or network). It's quite easy to install and set up, so here's a quick how-to. It assumes you've already set up sendmail for mail relay and that ssh, ftp and openvpn are running locally.

1. sudo apt-get install fail2ban

2. Set up a local configuration file for fail2ban by running "cp -ivra /etc/fail2ban/jail.conf /etc/fail2ban/jail.local" and open /etc/fail2ban/jail.local:

# Append / Modify

bantime = 3600
# forever:
# bantime = -1
ignoreip = 127.0.0.1/8 192.168.1.0/24
destemail = <your e-mail address>

# Email address of the sender
# Not set by default: fail2ban@<hostname>.<domain> is used instead, which can cause SMTP unknown-sender errors (550). Also note the sender="%(sender)s" parameter added to action_mw below.
sender = <your e-mail address>

action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s", sender="%(sender)s"]

action = %(action_mw)s

# Append / Modify

[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
#logpath = /var/log/syslog
logpath = /etc/openvpn/openvpn.log
maxretry = 3

[proftpd]
enabled = true

[ssh]
enabled = true

3. Create a file openvpn.conf in /etc/fail2ban/filter.d/ with the following contents:

# Fail2Ban Filter for OpenVPN
#

[INCLUDES]

before = common.conf

[Definition]
_daemon = openvpn

failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer

ignoreregex =

4. Restart services: sudo service fail2ban restart

5. If needed, add "/var/log/fail2ban.log" to the logrotate configuration in /etc/logrotate.d/rsyslog

6. I've also added an email alias in sendmail for fail2ban@<hostname>.<domain>

Now you'll receive an email whenever someone gets banned. You can test this yourself; to remove the block again, use something like: "sudo fail2ban-client set openvpn unbanip 1.2.3.4"
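To see what the openvpn jail above actually does with log lines before enabling it, here is an added Python example (not part of the original post or of Fail2Ban) that applies the failregex from step 3 to a constructed OpenVPN log excerpt and then applies the maxretry and ignoreip settings from step 2; the expansion of the <HOST> tag is an approximation of Fail2Ban's own, and findtime is not modelled.

```python
import ipaddress
import re
from collections import defaultdict

# Approximation of Fail2Ban's <HOST> tag: an IPv4 address or a hostname.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[\w\-.]+)"
# The failregex from openvpn.conf, with <HOST> expanded.
FAILREGEX = re.compile(
    HOST + r":[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer"
)

# Jail settings from jail.local (strict=False accepts 127.0.0.1/8 exactly as written there).
MAXRETRY = 3
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "192.168.1.0/24")]

# Constructed OpenVPN log excerpt (not a real capture): 203.0.113.7 fails three
# times, 198.51.100.20 twice, and 192.168.1.5 (inside ignoreip) four times.
SAMPLE_LOG = [
    "Tue Mar  4 10:15:02 2014 203.0.113.7:51234 TLS Auth Error: Auth Username/Password verification failed for peer",
    "Tue Mar  4 10:15:09 2014 198.51.100.20:40022 TLS Auth Error: Auth Username/Password verification failed for peer",
    "Tue Mar  4 10:15:11 2014 203.0.113.7:51235 TLS Auth Error: Auth Username/Password verification failed for peer",
    "Tue Mar  4 10:15:20 2014 203.0.113.7:51236 TLS Error: TLS handshake failed",
    "Tue Mar  4 10:15:31 2014 203.0.113.7:51237 TLS Auth Error: Auth Username/Password verification failed for peer",
    "Tue Mar  4 10:15:40 2014 198.51.100.20:40023 TLS Auth Error: Auth Username/Password verification failed for peer",
] + [
    f"Tue Mar  4 10:16:0{i} 2014 192.168.1.5:5000{i} TLS Auth Error: Auth Username/Password verification failed for peer"
    for i in range(4)
]


def is_ignored(host: str) -> bool:
    """True when the host lies inside an ignoreip network (hostnames are never ignored here)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in IGNOREIP)


def failures_per_host(log_lines):
    """Count failregex matches per host, skipping ignoreip addresses, as the jail would."""
    counts = defaultdict(int)
    for line in log_lines:
        m = FAILREGEX.search(line)
        if m and not is_ignored(m.group("host")):
            counts[m.group("host")] += 1
    return dict(counts)


def hosts_to_ban(log_lines):
    """Hosts that reached maxretry and would be handed to action_mw (iptables ban + whois mail)."""
    return sorted(h for h, n in failures_per_host(log_lines).items() if n >= MAXRETRY)
```

The same check against a real log file is what "fail2ban-regex /etc/openvpn/openvpn.log /etc/fail2ban/filter.d/openvpn.conf" does for you once Fail2Ban is installed.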