I use the following fail2ban installation steps on Debian, but the principle is much the same on other OSes; at most you change the commands or the file locations.

Fail2ban is used to prevent brute-force attacks: it bans a client's IP address when that client enters the wrong login password several times.

On Debian, the install command is as follows (run it as root):
[code]# apt-get install fail2ban -y[/code]
On CentOS, RedHat and Fedora it goes like this:
[code]# wget -O fail2ban-0.8.4.tar.bz2 "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=ufpr"
# tar -xjvf fail2ban-0.8.4.tar.bz2
# cd fail2ban-0.8.4
# python setup.py install[/code]
Autostart on RedHat, CentOS, Fedora:
[code]# cp files/redhat-initd /etc/init.d/fail2ban
# chkconfig --add fail2ban
# chkconfig fail2ban on
# service fail2ban start[/code]
After that, copy the fail2ban settings:
[code]# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local[/code]
jail.conf holds the base settings and is best left unmodified; we copy it to jail.local and make our edits there:
[code]# nano /etc/fail2ban/jail.local[/code]
Look at the bantime line: 600 seconds = 10 minutes, which is too short, so change bantime = 600 to bantime = 86400 🙂

The complete configuration looks roughly like this:
[code][DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 172.31.0.0/24 10.10.0.0/24 192.168.0.0/24
bantime = 86400
maxretry = 5

[ssh-iptables]
enabled = true
filter = sshd
# replace the placeholder dest/sender addresses with your own
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
logpath = /var/log/auth.log
maxretry = 5[/code]
On CentOS, RedHat or Fedora, change the log path to logpath = /var/log/secure
Save the file, then restart fail2ban:
[code]# /etc/init.d/fail2ban restart[/code]
Check iptables; there should now be fail2ban entries there, and any IPs that have already been blocked show up there as well:
[code]# iptables -L[/code]
To show the log entries for wrong passwords:
[code]# cat /var/log/auth.log | grep 'Failed password' | sort | uniq -c[/code]
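The `sort | uniq -c` pipeline above counts identical log lines, not attempts per address. As an added example (not from the original post), this script counts failed passwords per source IP and lists the addresses that reach maxretry = 5. The function names and sample log lines are constructed for illustration, and it counts over the whole file rather than within fail2ban's findtime window.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP and list
# the addresses that reach the jail's maxretry threshold.

# failed_by_ip LOGFILE: print "COUNT IP" for every source address seen in
# sshd "Failed password" lines, highest count first.
failed_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end of the line: the address follows the LAST
            # "from", so a user name that itself contains "from" is not
            # mistaken for the source address.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { count[$i]++; break }
        }
        END { for (ip in count) print count[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# over_maxretry LOGFILE [MAXRETRY]: print only the addresses whose count is
# at or above MAXRETRY (default 5, the value used in jail.local above).
over_maxretry() {
    failed_by_ip "$1" | awk -v max="${2:-5}" '$1 >= max { print $2 }'
}

# Constructed sample in auth.log format (documentation-range addresses).
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        echo "Mar  3 10:15:0$i host sshd[2101]: Failed password for root from 203.0.113.7 port 4000$i ssh2"
        i=$((i + 1))
    done
    cat <<'EOF'
Mar  3 10:16:11 host sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 51122 ssh2
Mar  3 10:16:15 host sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51130 ssh2
Mar  3 10:17:02 host sshd[2115]: Accepted password for deploy from 192.168.0.14 port 40022 ssh2
EOF
}

# Demo run on the constructed sample; pass /var/log/auth.log on a real host.
tmp=$(mktemp)
sample_log > "$tmp"
failed_by_ip "$tmp"
echo "would be banned at maxretry=5: $(over_maxretry "$tmp")"
rm -f "$tmp"
```

On CentOS, RedHat or Fedora, pass /var/log/secure instead of /var/log/auth.log.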
Check whether fail2ban is working; if the answer is Server replied: pong, it is running normally:
[code]# fail2ban-client ping[/code]
For those using APF, a little extra configuration is needed:
[code]# cp /etc/fail2ban/action.d/shorewall.conf /etc/fail2ban/action.d/apf.conf
# nano /etc/fail2ban/action.d/apf.conf[/code]
Edit it to look like this:
[code]actionban = apf --deny <ip>
actionunban = apf --remove <ip>[/code]
[code]# nano /etc/fail2ban/jail.local[/code]
Edit it to look like this:
[code]banaction = apf[/code]

