Difference between revisions of "FAQ english"

From Fail2ban
(typos)
Line 61: Line 61:
  
 
(I don't know, perhaps that's a feature request.)
 
(I don't know, perhaps that's a feature request.)
 +
 +
== '''Security''' ==
 +
 +
=== What do I have to consider when using fail2ban ===
 +
 +
Espically on systems wich provide ssh/CGI/PHP services to unknown users it is possible to block other users from ssh and probably other access as a unprivileged user may issue:
 +
 +
logger -p auth.warning -t 'sshd[123]' 'Illegal user user1 from 1.2.3.4'
 +
 +
Or the malicious user may write via PHP's openlog()/syslog() to syslog.
  
 
[[Category:Documentation]]
 
[[Category:Documentation]]
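
Review bot: the added paragraph under "What do I have to consider when using fail2ban" explains that a forged sshd line can get another address blocked, but it ends at the PHP openlog()/syslog() sentence without telling the administrator what to do about it; a closing sentence of guidance would make the entry usable. The same added lines contain the misspellings "Espically" and "wich" and the article slip "a unprivileged", and the question heading has no question mark. The edit summary "(typos)" also does not reflect that a new Security section is being added.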

Revision as of 10:00, 22 May 2006

General

What is Fail2ban?

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP addresses that make too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2ban can read multiple log files, such as those of sshd or the Apache web server.

Is Fail2ban free software?

Fail2ban is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

What do you need to run Fail2ban?

Take a look at the Requirements section.

Installation

Are there RPM/DEB packages for Fail2ban?

Sure. Please take a look at the Downloads section.

How can I install Fail2ban from an RPM/DEB package?

If you are using rpm:

rpm -ivh fail2ban-X.X.X.rpm

If you are required to install a src.rpm (source package) please follow these instructions:

rpm --rebuild fail2ban-X.X.X.src.rpm

After that, the binary rpm will be placed in /usr/src/RPM/RPMS/ix86

rpm -ihv /usr/src/RPM/RPMS/ix86/fail2ban-X.X.X.rpm

Please check that your PATH is /usr/src/RPM/RPMS/ix86/ before doing anything else.

If you want to install Fail2ban from a .deb package:

dpkg -i fail2ban-X.X.X.deb

Configuration

What is the main configuration file for Fail2ban?

The Fail2ban configuration process is rather simple. There is only one configuration file, in which Fail2ban can be configured entirely. This file is located at: /etc/fail2ban.conf

You can edit this file using any editor you want: vim, emacs, joe, ae...

The configuration file must be edited by root.

How can Fail2ban be configured?

This step is fully detailed in the HOWTOs chapter.

Why are my CVS users using SSH getting blocked?

If you are using the Eclipse CVS integration with SSH, then each access to CVS results in a failed access attempt before a valid one is made. As a consequence, your CVS users get banned from time to time.

Can I exclude failed logins for selected users from resulting in a ban?

(I don't know, perhaps that's a feature request.)

Security

What do I have to consider when using fail2ban?

Especially on systems which provide ssh/CGI/PHP services to unknown users, it is possible to block other users from ssh and probably other access, as an unprivileged user may issue:

logger -p auth.warning -t 'sshd[123]' 'Illegal user user1 from 1.2.3.4'

Or the malicious user may write via PHP's openlog()/syslog() to syslog.
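
One way to tell forged entries like the one above from real sshd failures, as an added example that is not part of the original FAQ or of Fail2ban's own code. It assumes the log is read as journald JSON export (`journalctl -o json`), where `_COMM` and `_UID` are recorded by the journal rather than supplied by the writing process; the function names, `TRUSTED_COMM` and the sample entries are constructed for illustration.

```python
import json
import re

# Failure pattern taken from the log line quoted on this page.
FAILURE_RE = re.compile(r"Illegal user \S+ from (\d{1,3}(?:\.\d{1,3}){3})\s*$")
# Assumption: the real daemon logs as process "sshd" running as root; adjust per system.
TRUSTED_COMM, TRUSTED_UID = {"sshd"}, "0"

def classify(entry):
    """Return (ip, is_genuine) for an sshd failure entry, else None."""
    # The client-supplied tag may arrive as "sshd" or "sshd[123]".
    ident = str(entry.get("SYSLOG_IDENTIFIER", "")).split("[", 1)[0]
    msg = entry.get("MESSAGE")
    if ident != "sshd" or not isinstance(msg, str):  # non-UTF-8 text exports as an array
        return None
    match = FAILURE_RE.search(msg)
    if not match:
        return None
    # _COMM and _UID are set by journald itself, not by the writer.
    genuine = entry.get("_COMM") in TRUSTED_COMM and entry.get("_UID") == TRUSTED_UID
    return match.group(1), genuine

def triage(lines):
    """Count genuine failures per IP; collect forged entries for alerting."""
    counts, alerts = {}, []
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip truncated or non-JSON lines
        result = classify(entry) if isinstance(entry, dict) else None
        if result is None:
            continue
        ip, genuine = result
        if genuine:
            counts[ip] = counts.get(ip, 0) + 1
        else:
            alerts.append((ip, entry.get("_COMM"), entry.get("_UID")))
    return counts, alerts

# Constructed sample entries (not captured from a real host).
SAMPLE = [
    '{"SYSLOG_IDENTIFIER":"sshd","_COMM":"sshd","_UID":"0","MESSAGE":"Illegal user admin from 192.0.2.10"}',
    '{"SYSLOG_IDENTIFIER":"sshd","_COMM":"sshd","_UID":"0","MESSAGE":"Illegal user test from 192.0.2.10"}',
    '{"SYSLOG_IDENTIFIER":"sshd","_COMM":"logger","_UID":"1001","MESSAGE":"Illegal user user1 from 1.2.3.4"}',
    '{"SYSLOG_IDENTIFIER":"sshd[123]","_COMM":"php-cgi","_UID":"33","MESSAGE":"Illegal user user1 from 1.2.3.4"}',
    '{"SYSLOG_IDENTIFIER":"cron","_COMM":"cron","_UID":"0","MESSAGE":"job started"}',
    'not json',
]
```

Only the entries in `counts` should feed a ban decision; each tuple in `alerts` names the local process and UID that wrote an sshd-looking line, which is the account to investigate.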