Fail2ban
From CVL Wiki
Line 27: | Line 27: | ||
iptables -D '''[chain-name]''' '''[line-number]''' | iptables -D '''[chain-name]''' '''[line-number]''' | ||
− | To unban the IP address 1.234.20.21, the command would be: | + | To unban the IP address 1.234.20.21 (see above), the command would be: |
Code: | Code: | ||
iptables -D fail2ban-ssh 2 | iptables -D fail2ban-ssh 2 | ||
− | |||
Reference: | Reference: | ||
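Review bot: The example `iptables -D fail2ban-ssh 2` in the changed sentence relies on a rule number that is only valid for the listing it was read from, and the added "(see above)" does not say so. Add a sentence telling the reader to re-run the listing command immediately before deleting, because rule numbers in a chain shift whenever a rule is added or removed, and a stale number would delete the wrong ban.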
Line 37: | Line 36: | ||
− | == | + | ==Installing Fail2ban== |
===OS X=== | ===OS X=== | ||
+ | This is an advanced setup, and requires using the terminal to install and modify files. | ||
+ | |||
+ | ====Install IceFloor==== | ||
+ | IceFloor is an open-source graphical front-end for [http://www.openbsd.org/faq/pf/ pf], the default built-in firewall for OS X. | ||
+ | |||
+ | # Download and install IceFloor: http://www.hanynet.com/icefloor/ | ||
+ | |||
+ | |||
+ | ====Install MacPorts==== | ||
add the below line to /opt/local/etc/fail2ban/filters.d/ssh.conf | add the below line to /opt/local/etc/fail2ban/filters.d/ssh.conf | ||
^%(__prefix_line)s(?:error: PAM: )?unknown user for illegal user .* from <HOST>( via \S+)?\s*$ | ^%(__prefix_line)s(?:error: PAM: )?unknown user for illegal user .* from <HOST>( via \S+)?\s*$ |
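Review bot: Under the new "Install MacPorts" heading the only content is the unchanged instruction to add a filter line to /opt/local/etc/fail2ban/filters.d/ssh.conf, so the section contains no MacPorts or fail2ban install steps. Add those steps (or mark the section as incomplete) and move the filter edit under its own heading. Fail2ban's filter directory is normally named `filter.d`, so the `filters.d` path should be checked against the installed port. The IceFloor step is a one-item numbered list and would read better as a plain sentence.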
Revision as of 16:16, 4 December 2014
Fail2ban
We use the fail2ban package on all of our Linux machines to help prevent SSH password brute-forcing. This package will block an IP address after a certain number (usually 10) of failed attempts.
If your address has been accidentally blocked on a server and you are able to log in and control the server (usually via a different computer), you can remove your banned IP address from iptables.
To unban an IP address manually, it is necessary to know the chain name and the rule number. The following command can be used to acquire this information:
Code:
iptables -L -n --line-numbers
The relevant bits are at the end of the output. Here is an example chain with attendant rules:
Code:
Chain fail2ban-ssh (1 references)
num  target  prot opt source                 destination
1    DROP    all  --  204.110.13.107         anywhere
2    DROP    all  --  1.234.20.21            anywhere
3    DROP    all  --  gw-tair-rp.rel.com.ua  anywhere
4    RETURN  all  --  anywhere               anywhere
In this example, three (3) IP addresses have been banned via the SSH jail (these are the DROP rules).
To unban an IP address, you would run the following command:
Code:
iptables -D [chain-name] [line-number]
To unban the IP address 1.234.20.21 (see above), the command would be:
Code:
iptables -D fail2ban-ssh 2
Reference: http://www.howtoforge.com/forums/showthread.php?t=51366&page=2
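The manual lookup described above (list the chain, read off the rule number, delete by number) can be scripted so the number is always taken from a fresh listing. The following is an added example, not part of the original wiki page; the function names, the `fail2ban-apache` chain and the sample listing are constructed for illustration, and the script prints the delete command instead of running it.

```shell
#!/bin/sh
# Added example: resolve a banned IP to its current rule number in one chain.

# Constructed sample laid out like `iptables -L -n --line-numbers` output.
# The second chain (hypothetical) bans the same IP under a different number.
sample_listing() {
cat <<'EOF'
Chain fail2ban-apache (1 references)
num  target  prot opt source          destination
1    DROP    all  --  1.234.20.21     0.0.0.0/0
2    RETURN  all  --  0.0.0.0/0       0.0.0.0/0

Chain fail2ban-ssh (1 references)
num  target  prot opt source          destination
1    DROP    all  --  204.110.13.107  0.0.0.0/0
2    DROP    all  --  1.234.20.21     0.0.0.0/0
3    DROP    all  --  192.0.2.15      0.0.0.0/0
4    RETURN  all  --  0.0.0.0/0       0.0.0.0/0
EOF
}

# find_rule_num CHAIN IP  (listing on stdin)
# Prints the rule number of the DROP rule for IP inside CHAIN only.
# The source column is compared as a whole field, so 1.234.20.2 does
# not match 1.234.20.21. Exit status 1 means no such rule was found.
find_rule_num() {
    awk -v chain="$1" -v ip="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $2 == "DROP" && $5 == ip { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# unban_command CHAIN IP  (listing on stdin)
# Prints the iptables command to review and run; it does not run it.
unban_command() {
    num=$(find_rule_num "$1" "$2") || {
        echo "no DROP rule for $2 in chain $1" >&2
        return 1
    }
    echo "iptables -D $1 $num"
}

# Demo on the constructed listing. On a real server, pipe in a fresh
# listing instead: iptables -L -n --line-numbers | unban_command fail2ban-ssh IP
sample_listing | unban_command fail2ban-ssh 1.234.20.21
```

Because rule numbers shift after every deletion, generate a new listing for each address that needs unbanning.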
Installing Fail2ban
OS X
This is an advanced setup, and requires using the terminal to install and modify files.
Install IceFloor
IceFloor is an open-source graphical front-end for pf, the default built-in firewall for OS X.
- Download and install IceFloor: http://www.hanynet.com/icefloor/
Install MacPorts
Add the line below to /opt/local/etc/fail2ban/filters.d/ssh.conf:
^%(__prefix_line)s(?:error: PAM: )?unknown user for illegal user .* from <HOST>( via \S+)?\s*$