I am sorry but at 8:36 you said that the jail for sshd is already set and there is no additional action needed, but then in 8:47 you said that enabled = true is needed????
Hey Jair, sorry for the confusion. What Jay is saying there is that the sshd is enabled by default. Normally, to enable other jails, you would have to manually enter enabled=true. Hope that helps!
@@AkamaiDeveloper Is that a Linode specific setting or something that's universal? I couldn't find any documentation that seems to say sshd is enabled by default.
Just jumping here to clarify some things. At about 4:26 you'll notice that there's a `jail.d` directory. This is an extension of jail.conf per say. If you dive into it, you'll see a defaults conf file which has sshd enabled. Just wanted to clarify for any future viewers.
No mention of: systemctl start fail2ban systemctl enable fail2ban Had to look for it in a different guide. People who are your target audience are novices to linux, so this info is paramount.
Fail2ban can block single IP addresses, and even a range of addresses if you find yourself under attack from a specific source. When it comes to server security, it's recommended to follow these best practices www.linode.com/docs/guides/securing-your-server/
Had problems on minimal CLI Debian install. fail2ban failed during configuration have not found any log file for sshd jail Had to install app rsyslog (sudo apt install rsyslog). Without this app ssh did not create a log file in /var/log/auth.log
When adding to the "ignoreip" line in jail.local, what if I'm accessing the server in question from another computer in the same network? Do I just enter the local/internal IP of that computer or do I still have to enter its external IP? Thanks!
I changed my port for accessing ssh in /etc/ssh/sshd_config. In the sshd section of jail.conf/jail.local, it indicates the sshd port as ssh. Does it get the ssh port number from the /etc/ssh/sshd_config file, or do I need to enter the port number in the sshd section of jail.local? NEVER MIND. I just watched Jay's 2019 video on fail2ban and he says in that video that you need to change the port number in jail.local if it is not the standard ssh port (port 22).
Hi..I learnt a lot from linode n i appreciate the details shared.However i hv a query f2b does is monitor the ip but when it bans how can we make it drop those ban ip instead of reject..
It looks like it's possible to configure your iptables to work with Fail2Ban to "Drop" instead of "Reject". Here's an article we found which might help you out: www.the-art-of-web.com/system/fail2ban/
Jay did that step off camera, here is a link to the guide which outlines commands to install it yourself depending on what distro you're using www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/#how-to-install-fail2ban
Very outdated now, indeed. No mentioning of how to work with the ufw settings and not a single word on how to configure sender mail address. I also wanted to find answers how to configure the local file if my SSH port is not on 22. Pfffj
I found out from fail2ban github that there’s a bug with the current version working under debian. Its fixable by doing this echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf
Very nicely presented. Short, sweet, and to the point. Excellent job.
I am sorry but at 8:36 you said that the jail for sshd is already set and there is no additional action needed, but then in 8:47 you said that enabled = true is needed????
Hey Jair, sorry for the confusion. What Jay is saying there is that the sshd is enabled by default. Normally, to enable other jails, you would have to manually enter enabled=true. Hope that helps!
@@AkamaiDeveloper Is that a Linode specific setting or something that's universal? I couldn't find any documentation that seems to say sshd is enabled by default.
@@circuitguy9750 All of our distros have sshd configured to start and run by default.
Just jumping here to clarify some things. At about 4:26 you'll notice that there's a `jail.d` directory. This is an extension of jail.conf per say. If you dive into it, you'll see a defaults conf file which has sshd enabled. Just wanted to clarify for any future viewers.
@@davidogutu9110 now *THAT* is an explanation, thanks :)
No mention of:
systemctl start fail2ban
systemctl enable fail2ban
Had to look for it in a different guide. People who are your target audience are novices to linux, so this info is paramount.
It's basic systemd commands, whenever you install a service, run theses commands
@@alexandre_1a442someone who doesn’t know what fail2ban is, won’t even know what systemd is Xd
It will already both be enabled and started
Simple, clear and to point
What if brute force attack is launched from cloud. You can rotate ip address from cloud ?
Fail2ban can block single IP addresses, and even a range of addresses if you find yourself under attack from a specific source. When it comes to server security, it's recommended to follow these best practices www.linode.com/docs/guides/securing-your-server/
If I have disabled passworfd logins and I am using ssh key do I still need fail2ban and if yes how do I test it ?
I guess you could look at the logs. Great question
Had problems on minimal CLI Debian install.
fail2ban failed during configuration have not found any log file for sshd jail
Had to install app rsyslog (sudo apt install rsyslog).
Without this app ssh did not create a log file in /var/log/auth.log
2025 calling in, you helped me with my Raspberry Pi OS Lite installation on my Pi-5. Thanks kind stranger!
Would this work for a Raspberry Pi setup? I'm using it to run Plex Media Server and use an external USB drive to store all my media
Yes, as long as you're using the same distro as in the tutorial, the steps to setting up Fail2ban should be the same.
I didnt quite understand why we copying the conf files to local files
When adding to the "ignoreip" line in jail.local, what if I'm accessing the server in question from another computer in the same network? Do I just enter the local/internal IP of that computer or do I still have to enter its external IP? Thanks!
for a local IP, just put your local IP form your computer ( you can see it by loggin into SSH and look at the SSH logs )
I changed my port for accessing ssh in /etc/ssh/sshd_config. In the sshd section of jail.conf/jail.local, it indicates the sshd port as ssh. Does it get the ssh port number from the /etc/ssh/sshd_config file, or do I need to enter the port number in the sshd section of jail.local?
NEVER MIND. I just watched Jay's 2019 video on fail2ban and he says in that video that you need to change the port number in jail.local if it is not the standard ssh port (port 22).
Hi..I learnt a lot from linode n i appreciate the details shared.However i hv a query f2b does is monitor the ip but when it bans how can we make it drop those ban ip instead of reject..
It looks like it's possible to configure your iptables to work with Fail2Ban to "Drop" instead of "Reject". Here's an article we found which might help you out:
www.the-art-of-web.com/system/fail2ban/
Sounds pretty basic and simply installing/turning on Fail2ban is another great security layer of protection for your Linode.
you installed sendmail? Umm,,, where? when? You never showed that step!
Jay did that step off camera, here is a link to the guide which outlines commands to install it yourself depending on what distro you're using www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/#how-to-install-fail2ban
nice now I can keep those Chinese and Indonesian ssh Brute force attempts at bay
Great stuff 👍
Jay... you rock
Incredibly concise video! well done!
Very outdated now, indeed. No mentioning of how to work with the ufw settings and not a single word on how to configure sender mail address.
I also wanted to find answers how to configure the local file if my SSH port is not on 22.
Pfffj
that thigs has some GUI right?
I am getting ERROR Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
does this work with Debian 12?
try:
systemctl start fail2ban
systemctl enable fail2ban
or
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
My response got deleted. Wonder why.
I found out from fail2ban github that there’s a bug with the current version working under debian. Its fixable by doing this
echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf
echo "sshd_backend = systemd" >> /etc/fail2ban/paths-debian.conf