This article was last reviewed for Debian 9 (Stretch).
Fail2ban configuration environment (Debian, repository)
Author: | Stefán Örvar Sigmundsson |
---|---|
Initial publication: | |
Last updated: | |
Written in: | English (United Kingdom) |
Fail2ban is free and open-source intrusion detection and prevention software. This article demonstrates how to use the configuration environment of Fail2ban on Debian or its derivatives such as Ubuntu and Linux Mint.
Environment
The Debian fail2ban package sets up a particular directory layout. Fail2ban is preconfigured to protect the most commonly installed server software, such as SSH servers. The general idea is that the user not modify the .conf files but instead create .local files to override the preconfiguration. Files ending in .conf may be overwritten by the package manager during updates. This applies to general configuration, actions, filters and jails.
Directory layout
The following table summarises the directory layout:
Path | Purpose |
---|---|
/etc/fail2ban/ | Fail2ban configuration directory. |
/etc/fail2ban/action.d/ | Actions performed on the system to prevent intrusions. |
/etc/fail2ban/fail2ban.d/ | General configuration directory. |
/etc/fail2ban/filter.d/ | Filters applied on log files to detect intrusions. |
/etc/fail2ban/jail.d/ | Intrusion detection and prevention configuration directory. |
/etc/fail2ban/fail2ban.conf | General configuration file. |
/etc/fail2ban/jail.conf | Intrusion detection and prevention configuration file. |
/etc/fail2ban/paths-common.conf | Preconfigured path variables. |
/etc/fail2ban/paths-debian.conf | Preconfigured path variables. |
/etc/fail2ban/paths-opensuse.conf | Preconfigured path variables. |
fail2ban.conf
The fail2ban.conf file contains Fail2ban's general configuration. A fail2ban.local file should be created to override the preconfiguration. In cases in which the user requires complex configuration of Fail2ban, the fail2ban.d directory can be used to contain additional files for general configuration.
jail.conf
The jail.conf file contains intrusion detection and prevention configuration. A jail.local file should be created to override the preconfiguration. In cases in which the user requires complex and numerous jails, the jail.d directory can be used to contain additional files for intrusion detection and prevention configuration.
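With overrides spread across jail.conf, jail.local and jail.d, it helps to see which file supplied each effective jail setting. The following is an added example, not part of the original article or of Fail2ban's own code: a simplified Python model of the read order documented in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local, each directory alphabetically). It ignores [INCLUDES] and %(...)s interpolation, and the sample file names and values are constructed.

```python
import configparser
import tempfile
from pathlib import Path

def load_order(confdir, base="jail"):
    """Existing files in read order; a later file overrides an earlier one."""
    root, dropin = Path(confdir), Path(confdir, f"{base}.d")
    order = [root / f"{base}.conf", *sorted(dropin.glob("*.conf")),
             root / f"{base}.local", *sorted(dropin.glob("*.local"))]
    return [p for p in order if p.is_file()]

def effective_settings(confdir, base="jail"):
    """Return {section: {option: (value, file that set it)}}."""
    merged = {}
    for path in load_order(confdir, base):
        # Keep [DEFAULT] as an ordinary section so it is not copied into every jail.
        parser = configparser.RawConfigParser(default_section="__unused__")
        parser.read(path)
        source = path.relative_to(confdir).as_posix()
        for section in parser.sections():
            for option, value in parser.items(section):
                merged.setdefault(section, {})[option] = (value, source)
    return merged

def lookup(settings, jail, option):
    """Value for a jail, falling back to [DEFAULT] when the jail is silent."""
    for section in (jail, "DEFAULT"):
        if option in settings.get(section, {}):
            return settings[section][option]
    return None

SAMPLE = {  # constructed sample tree; file names and values are illustrative
    "jail.conf": "[DEFAULT]\nbantime = 600\nmaxretry = 5\n\n[sshd]\nenabled = false\nport = ssh\n",
    "jail.d/10-site.conf": "[sshd]\nenabled = true\n",
    "jail.local": "[DEFAULT]\nbantime = 3600\n\n[sshd]\nmaxretry = 3\n",
    "jail.d/sshd.local": "[sshd]\nmaxretry = 2\n",
}

def sample_settings():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return effective_settings(tmp)

if __name__ == "__main__":
    resolved = sample_settings()
    for option in ("enabled", "maxretry", "bantime", "port"):
        print(option, lookup(resolved, "sshd", option))
```

On a live host, `fail2ban-client -d` dumps the configuration as Fail2ban itself resolved it, which is the authoritative check.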
paths-*
The paths-* files contain predefined variables for common paths to relevant locations on the system. It is up to the user whether they be used or not.
action.d
The action.d directory contains preconfigured actions to execute upon detection of intrusion to prevent harm to the system. Custom actions can be added as needed and customisation of preconfigured actions should be contained in .local files.
fail2ban.d
The fail2ban.d directory can contain Fail2ban's general configuration.
filter.d
The filter.d directory contains preconfigured filters to detect intrusion into the system. Custom filters can be added as needed and customisation of preconfigured filters should be contained in .local files.
jail.d
The jail.d directory can contain intrusion detection and prevention configuration.