fail2ban

William Anderson edited this page Dec 25, 2016 · 3 revisions

fail2ban is installed on cerf, postel and taylor to monitor and ban repeated failed login attempts, i.e. attempts to log in as root or as random users to gain access to our servers. cerf also has additional rules to block repeated attempts to subscribe to our lists in order to send spam.

The software has been installed from a standard Ubuntu Linux package.

The local configuration is in /etc/fail2ban/jail.local, and the log is in /var/log/fail2ban.log. Bans last by default for 86400 seconds (1 day). Bans are applied by iptables rules, stored in the fail2ban-ssh chain.

The custom filter for mailman is in cerf:/etc/fail2ban/filters.d/mailman.conf; this will need to be updated whenever a mailing list is added or removed.

If you need to unban an IP, run the command fail2ban-client set JAILNAME unbanip IPADDRESS, e.g.

sudo fail2ban-client set ssh unbanip 192.168.95.151
sudo fail2ban-client set mailman unbanip 172.17.169.205
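
Before unbanning, it helps to confirm which jail actually holds the address. The script below is an added example, not part of the original wiki page; it assumes the "IP list:" line printed by fail2ban-client status JAILNAME, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which fail2ban jail currently bans an IP before unbanning.

# Return 0 if IP ($1) appears on the "IP list:" line of
# `fail2ban-client status JAIL` output read from stdin.
# Whole-address comparison, so 10.0.0.1 does not match 10.0.0.15.
ip_in_status() {
    awk -v ip="$1" '
        /IP list:/ {
            sub(/^.*IP list:[ \t]*/, "")
            n = split($0, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] == ip) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Print each jail named in $2.. whose live status lists IP $1 (needs root).
jails_banning() {
    ip=$1; shift
    for jail in "$@"; do
        if fail2ban-client status "$jail" 2>/dev/null | ip_in_status "$ip"; then
            echo "$jail"
        fi
    done
}

# Constructed sample of status output (not captured from cerf, postel or taylor).
sample_status() {
    cat <<'EOF'
Status for the jail: ssh
|- filter
|  |- File list:        /var/log/auth.log
|  |- Currently failed: 2
|  `- Total failed:     41
`- action
   |- Currently banned: 2
   |  `- IP list:       192.168.95.151 10.0.0.15
   `- Total banned:     7
EOF
}

# Offline demonstration against the constructed sample.
if sample_status | ip_in_status 192.168.95.151; then
    echo "192.168.95.151 is banned in the sample ssh jail"
fi
```

On a server, `sudo sh -c '. ./script.sh; jails_banning 192.168.95.151 ssh mailman'` prints the jail to pass to unbanip (script.sh is a placeholder file name).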