Installing Fail2Ban
When running an Mainsail node, especially a Valdiator Node, you should consider your server’s security as your main priority.
Warning
During this guide, we will configure network and SSH parameters, which if improperly performed might permanently lock you out of your server. Ensure you fully understand each step before proceeding.
Install Fail2Ban
What Is Fail2Ban
The basic idea behind fail2ban is to monitor the logs of standard services to spot patterns in authentication failures. For example, by finding many password authentication failures originating from a single IP, whois
commands shortly after connecting over SSH or other known exploits.
Warning
Fail2Ban can reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you want to protect services. :::
Installation
Install Fail2Ban and create local configuration file.
1sudo apt-get install fail2ban2sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Configuration
Find all the references that specify port = SSH (typically in the SSH header section) and change the port to the new one you selected in the SSH security section above.
1sudo nano /etc/fail2ban/jail.local
File: /etc/fail2ban/jail.local
1# 2# SSH Servers 3# 4 5[sshd] 6port = ssh 7logpath = %(sshd_log)s 8 9[sshd-ddos]10# This Jail Corresponds to the Standard Configuration in Fail2ban11# The Mail-Whois Action Sends a Notification E-Mail With a Whois Request12port = ssh13logpath = %(sshd_log)s14 15[dropbear]16port = ssh17logpath = %(dropbear_log)s18 19 20[selinux-ssh]21port = ssh22logpath = %(auditd_log)s23maxretry = 5
Save Your Config File
Press CTRL+X
to exit the file, Y
to save the file and then Enter
to write to the file and return to the command line.
Restart Fail2Ban Daemon
1sudo service fail2ban restart2exit