Fail2ban
From Notes_Wiki
fail2ban
fail2ban is a useful tool for blocking brute-force attacks. Compared to other tools such as denyhosts it is more generic. The regular expressions used to recognise failed attempts are defined in the .conf files under /etc/fail2ban/filter.d/. /etc/fail2ban/jail.conf then names, for each service, the log file to watch and the iptables (tcp/udp) ports to block based on failed attempts against that service. Multiple defaults for squid, apache, mail, etc. are already present and only need to be enabled.
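The filter-and-threshold mechanism described above, as an added example that is not fail2ban's own code: a failregex containing `<HOST>` is applied to log lines, and a host is banned once it reaches `maxretry` failures within `findtime` seconds. The regex is a simplified stand-in for a shipped filter, the log lines are constructed, and the year prefix and `find_bans` helper are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a filter.d failregex (not the shipped sshd filter).
# The tail is anchored so text after the port number cannot satisfy the match.
FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+(?: ssh\d*)?$"
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # IPv4-only approximation of <HOST>


def find_bans(lines, maxretry=3, findtime=600, ignoreip=()):
    """Return {host: time of the failure that reached maxretry}."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)
    bans = {}
    for line in lines:
        match = pattern.search(line)
        if not match:
            continue
        host = match.group("host")
        if host in ignoreip or host in bans:
            continue
        # Syslog timestamps carry no year; 2000 is an arbitrary assumed year.
        when = datetime.strptime("2000 " + line[:15], "%Y %b %d %H:%M:%S")
        hits = failures[host]
        hits.append(when)
        # Drop failures that have fallen out of the findtime window.
        while when - hits[0] > window:
            hits.popleft()
        if len(hits) >= maxretry:
            bans[host] = when
    return bans


# Constructed sample lines in /var/log/secure style (documentation addresses).
SAMPLE_LOG = [
    "Mar 10 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "Mar 10 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2",
    "Mar 10 10:00:04 host sshd[103]: Accepted password for alice from 198.51.100.7 port 5001 ssh2",
    "Mar 10 10:00:05 host sshd[104]: Failed password for root from 203.0.113.5 port 4003 ssh2",
    "Mar 10 10:01:00 host sshd[105]: Failed password for bob from 198.51.100.9 port 6001 ssh2",
    "Mar 10 10:20:00 host sshd[106]: Failed password for bob from 198.51.100.9 port 6002 ssh2",
    "Mar 10 10:40:00 host sshd[107]: Failed password for bob from 198.51.100.9 port 6003 ssh2",
]

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {host} (threshold reached at {when:%H:%M:%S})")
```

With the defaults used here only 203.0.113.5 is banned; the three failures from 198.51.100.9 are spread over 39 minutes and never fall inside one 600-second window.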
Steps for installing fail2ban are:
- Set up the EPEL repository
- yum -y install fail2ban
- service fail2ban start
- chkconfig fail2ban on
Automated fail2ban installation
Automated fail2ban installation via ansible can be achieved using:
    vars:
      epel_download_url: http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
      epel_download_path: /root/epel-release-6-8.noarch.rpm

    tasks:
      # Set up EPEL for downloading fail2ban
      - name: Download epel RPM
        get_url: url="{{ epel_download_url }}" dest="{{ epel_download_path }}" timeout=5
        # proxy_env is expected to be a dictionary of proxy variables defined elsewhere in the playbook
        environment: "{{ proxy_env }}"

      - name: Install epel RPM
        yum: name="{{ epel_download_path }}" state=present
        environment: "{{ proxy_env }}"

      # Install fail2ban and enable it on startup
      - name: Install fail2ban
        yum: name=fail2ban state=present

      - name: Start and enable fail2ban service
        service: name=fail2ban state=started enabled=yes