Created Friday 13 January 2017
Fail2ban will help protect against brute force attacks, by adding the host to the IP-block list. This is done by adding rules to iptables. We'll also configure, so that a E-mail will be sent, whenever a host has been blocked. We'll added a little extra security to Fail2Ban
Installation
$ pacman -S fail2ban
# Then enable the service
$ systemctl enable fail2ban.service
Configuration
# We'll add a little extra security
Allow full Read access
# Which will also allow fail2ban to set firewall rules with iptables.
# Create a file in /etc/systemd/system/fail2ban.service.d/capabilities.conf and add the following
[Service] CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
Jails
# Jails are the configuration for Fail2ban
# It comes with paths/locations for some different distros - but not for Arch.
# The Fedora paths should work though.
$ cp /etc/fail2ban/paths-fedora.conf /etc/fail2ban/paths-archlinux.conf
# The default Jail configuration can be found at /etc/fail2ban/jail.conf but this file should not be edited
# Instead, rules defined in the default Jail, can copied and defined to a separate file in /etc/fail2ban/jail.d/
# Make sure the Fedora paths has been copied
# Then create a file at /etc/fail2ban/jail.d/jail.local and insert the following
[INCLUDES] before = paths-archlinux.conf
# If you installed SSMTP as explained in Terminal (+shell), add the following too for mail notifications
[DEFAULT] mta = mail destemail = jeppesen@tutanota.com