Installing Fail2Ban

When running an ARK node, especially a Delegate Node, you should consider your server’s security as your main priority.

Warning

During this guide, we will configure network and SSH parameters, which if improperly performed might permanently lock you out of your server. Ensure you fully understand each step before proceeding.

Install Fail2Ban

What Is Fail2Ban

The basic idea behind fail2ban is to monitor the logs of standard services to spot patterns in authentication failures. For example, by finding many password authentication failures originating from a single IP, whois commands shortly after connecting over SSH or other known exploits.

Warning

Fail2Ban can reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you want to protect services. :::

Installation

Install Fail2Ban and create local configuration file.

1sudo apt-get install fail2ban
2sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Configuration

Find all the references that specify port = SSH (typically in the SSH header section) and change the port to the new one you selected in the SSH security section above.

1sudo nano /etc/fail2ban/jail.local

File: /etc/fail2ban/jail.local

1#
2# SSH Servers
3#
4 
5[sshd]
6port = ssh
7logpath = %(sshd_log)s
8 
9[sshd-ddos]
10# This Jail Corresponds to the Standard Configuration in Fail2ban
11# The Mail-Whois Action Sends a Notification E-Mail With a Whois Request
12port = ssh
13logpath = %(sshd_log)s
14 
15[dropbear]
16port = ssh
17logpath = %(dropbear_log)s
18 
19 
20[selinux-ssh]
21port = ssh
22logpath = %(auditd_log)s
23maxretry = 5

Save Your Config File

Press CTRL+X to exit the file, Y to save the file and then Enter to write to the file and return to the command line.

Restart Fail2Ban Daemon

1sudo service fail2ban restart
2exit
Last updated 6 months ago
Edit Page
Share: