SSH:Konfigurasi dengan Fail2ban: Difference between revisions
No edit summary |
|||
| Line 1: | Line 1: | ||
*Begin by creating a new file within the same directory called jail.local. You can then add the necessary security configurations for the sshd jail. | *Begin by creating a new file within the same directory called jail.local. You can then add the necessary security configurations for the sshd jail. | ||
<syntaxhighlight lang="shell"> | |||
vim /etc/fail2ban/jail.local | |||
</syntaxhighlight> | |||
*You can explore the options that Fail2Ban provides to customize the security and blocking of the SSH service. | *You can explore the options that Fail2Ban provides to customize the security and blocking of the SSH service. | ||
| Line 29: | Line 30: | ||
*With the information in table above you can create the jail.local configuration for OpenSSH server (sshd). Once you have entered the configuration options, the values used in this guide example are listed in the sample file below. | *With the information in table above you can create the jail.local configuration for OpenSSH server (sshd). Once you have entered the configuration options, the values used in this guide example are listed in the sample file below. | ||
<syntaxhighlight lang="shell" line="1"> | |||
[sshd] | |||
enabled = true | |||
port = ssh | |||
filter = sshd | |||
logpath = /var/log/auth.log | |||
maxretry = 3 | |||
findtime = 300 | |||
bantime = 3600 | |||
ignoreip = 127.0.0.1 | |||
</syntaxhighlight> | |||
*After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command: | *After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command: | ||
<syntaxhighlight lang="shell"> | |||
sudo systemctl restart fail2ban.service | |||
</syntaxhighlight> | |||
*After restarting the OpenSSH server service, Fail2Ban uses this new configuration and the jail for the sshd service is activated and runs. | *After restarting the OpenSSH server service, Fail2Ban uses this new configuration and the jail for the sshd service is activated and runs. | ||
*You can now test this functionality by re-enabling PasswordAuthentication in the OpenSSH Configuration file found in <code>/etc/ssh/sshd_config</code>. Do this by changing the value from no to yes using the text editor of your choice. Make sure these lines are uncommented. | *You can now test this functionality by re-enabling PasswordAuthentication in the OpenSSH Configuration file found in <code>/etc/ssh/sshd_config</code>. Do this by changing the value from no to yes using the text editor of your choice. Make sure these lines are uncommented. | ||
<syntaxhighlight lang="shell" line="1"> | |||
#To disable tunneled clear text passwords, change to no here! | #To disable tunneled clear text passwords, change to no here! | ||
PasswordAuthentication yes | |||
PermitEmptyPasswords no | |||
</syntaxhighlight> | |||
*This allows users to use passwords for authentication in addition to SSH key-pairs. Fail2Ban automatically detects brute-force attempts on SSH and blocks the users automatically. This greatly improves the security of both password based authentication and the server and is useful for user accounts that do not have administrator privileges. | *This allows users to use passwords for authentication in addition to SSH key-pairs. Fail2Ban automatically detects brute-force attempts on SSH and blocks the users automatically. This greatly improves the security of both password based authentication and the server and is useful for user accounts that do not have administrator privileges. | ||
Revision as of 13:53, 28 August 2022
- Begin by creating a new file within the same directory called jail.local. You can then add the necessary security configurations for the sshd jail.
vim /etc/fail2ban/jail.local
- You can explore the options that Fail2Ban provides to customize the security and blocking of the SSH service.
Fail2Ban Configuration Options:
| Configurations | Function |
|---|---|
| enabled | Jail status (true/false) - This enables or disables the jail |
| port | Port specification |
| filter | Service specific filter (Log filter) |
| logpath | What log to use |
| maxretry | Number of attempts to make before a ban |
| findtime | Amount of time between failed login attempts |
| bantime | Number of seconds an IP is banned for |
| ignoreip | IP to be allowed |
- With the information in table above you can create the jail.local configuration for OpenSSH server (sshd). Once you have entered the configuration options, the values used in this guide example are listed in the sample file below.
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1
- After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command:
sudo systemctl restart fail2ban.service
- After restarting the OpenSSH server service, Fail2Ban uses this new configuration and the jail for the sshd service is activated and runs.
- You can now test this functionality by re-enabling PasswordAuthentication in the OpenSSH Configuration file found in
/etc/ssh/sshd_config. Do this by changing the value from no to yes using the text editor of your choice. Make sure these lines are uncommented.
#To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
- This allows users to use passwords for authentication in addition to SSH key-pairs. Fail2Ban automatically detects brute-force attempts on SSH and blocks the users automatically. This greatly improves the security of both password based authentication and the server and is useful for user accounts that do not have administrator privileges.