{"id":1164,"date":"2022-09-16T15:51:20","date_gmt":"2022-09-16T20:51:20","guid":{"rendered":"https:\/\/techexperiencemx.com\/?p=1164"},"modified":"2023-01-20T13:55:33","modified_gmt":"2023-01-20T19:55:33","slug":"instalar-fail2ban-ubuntu","status":"publish","type":"post","link":"https:\/\/techexperiencemx.com\/?p=1164","title":{"rendered":"Install Fail2Ban on Ubuntu"},"content":{"rendered":"\n<p>Hello friends, today we are going to install the Fail2Ban service on our server. It is aimed mainly at VPS hosts whose SSH service is exposed to the internet, to protect it from brute-force access attempts. The services it can protect include sftp, ftp, imap, smtp, pop3 and ssh, among others.<\/p>\n\n\n\n<p>With Ubuntu already installed, we first update its package lists:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt-get update<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/1-2.png\" alt=\"\" class=\"wp-image-1165\" width=\"566\" height=\"371\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/1-2.png 566w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/1-2-300x197.png 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Install Fail2ban<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt-get install fail2ban<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/2-2.png\" alt=\"\" class=\"wp-image-1166\" width=\"569\" height=\"373\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/2-2.png 569w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/2-2-300x197.png 300w\" sizes=\"auto, (max-width: 569px) 100vw, 569px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Start the 
service<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl start fail2ban<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p>Done! We check that the service is active:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo service fail2ban status<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/3-3.png\" alt=\"\" class=\"wp-image-1167\" width=\"566\" height=\"371\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/3-3.png 566w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/3-3-300x197.png 300w\" sizes=\"auto, (max-width: 566px) 100vw, 566px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring Fail2ban<\/h2>\n\n\n\n<p>We need to copy the jail.conf file to jail.local. This avoids making a mistake in the original .conf file, and gives us a .local file where we can put all the settings we want.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/4-2.png\" alt=\"\" class=\"wp-image-1168\" width=\"563\" height=\"370\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/4-2.png 563w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/4-2-300x197.png 300w\" sizes=\"auto, (max-width: 563px) 100vw, 563px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Adding IPs to the whitelist<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo nano \/etc\/fail2ban\/jail.local<\/pre>\n\n\n\n<p>#ignoreip = 127.0.0.1\/8  ::1  <\/p>\n\n\n\n<p>ignoreip = 127.0.0.1\/8 ::1,   192.168.0.50\/24<\/p>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ignoreip: The 
whitelist of IPs that will not be analyzed or blocked. Entries can be IP addresses or domain names, separated by commas.\n\nbantime: The time, in seconds, for which connections will be blocked.\n\nmaxretry: The number of failures accepted before a host is banned.\n\nfindtime: The time window in which the failed attempts (maxretry) are made.<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/5-4.png\" alt=\"\" class=\"wp-image-1170\" width=\"574\" height=\"375\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/5-4.png 574w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/5-4-300x196.png 300w\" sizes=\"auto, (max-width: 574px) 100vw, 574px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Viewing the filters<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cd \/etc\/fail2ban\/filter.d<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/8.png\" alt=\"\" class=\"wp-image-1180\" width=\"568\" height=\"345\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/8.png 568w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/8-300x182.png 300w\" sizes=\"auto, (max-width: 568px) 100vw, 568px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Enabling services<\/h2>\n\n\n\n<p>By default the services are disabled; to enable one we must add \"enabled = true\":<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[sshd]\n\n# To use more aggressive sshd modes set filter parameter \"mode\" in jail.local:\n# normal (default), ddos, extra or aggressive (combines all).\n# See \"tests\/files\/logs\/sshd\" or \"filter.d\/sshd.conf\" for usage example and 
details.\n#mode   = normal\n<mark style=\"background-color:rgba(0, 0, 0, 0);color:#f50808\" class=\"has-inline-color\">enabled  = true<\/mark>\nport    = ssh\nlogpath = %(sshd_log)s\nbackend = %(sshd_backend)s\nmaxretry = 3\nfindtime = 10m\nbantime = -1<\/pre>\n\n\n\n<p>Restart the service<\/p>\n\n\n\n<p><mark style=\"background-color:rgba(0, 0, 0, 0);color:#f40404\" class=\"has-inline-color\">Every time we make a change we need to run this command:<\/mark><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo service fail2ban restart<\/pre>\n\n\n\n<p>Verify that Fail2ban is working<\/p>\n\n\n\n<p>These commands show that fail2ban is blocking IPs:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo zgrep 'Ban' \/var\/log\/fail2ban.log*<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo fail2ban-client status sshd<\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/6-2.png\" alt=\"\" class=\"wp-image-1175\" width=\"658\" height=\"376\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/6-2.png 658w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/6-2-300x171.png 300w\" sizes=\"auto, (max-width: 658px) 100vw, 658px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/7-3.png\" alt=\"\" class=\"wp-image-1177\" width=\"659\" height=\"375\" srcset=\"https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/7-3.png 659w, https:\/\/techexperiencemx.com\/wp-content\/uploads\/2022\/09\/7-3-300x171.png 300w\" sizes=\"auto, (max-width: 659px) 100vw, 659px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Adding\/removing IPs from the Fail2Ban ban list<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">Add\n\nsudo fail2ban-client 
set sshd banip [IP_ADDRESS]<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">Remove\n\nsudo fail2ban-client set sshd unbanip [IP_ADDRESS]<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Removing Fail2Ban<\/h2>\n\n\n\n<p>Remove<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl stop fail2ban\n\nsudo systemctl disable fail2ban\n\n\nsudo apt-get remove fail2ban\n<\/pre>\n\n\n\n<p>Remove together with its dependencies<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt-get remove --auto-remove fail2ban<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Finding the country of blocked IPs<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt install geoip-bin<\/pre>\n\n\n\n<p>Look up all the IPs<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo iptables -n -L f2b-sshd | grep REJECT | awk '{print $4}' | xargs -n1 geoiplookup | sort | uniq -c<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Hello friends, today we are going to install the Fail2Ban service on our server. It is aimed mainly at VPS hosts whose SSH service is exposed to the internet, to protect it from brute-force access attempts. The services it can protect include sftp, ftp, imap, smtp, pop3 and ssh, among others. 
With Ubuntu already installed, we first update its package lists [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1182,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[21],"tags":[],"class_list":["post-1164","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps-cloud"],"_links":{"self":[{"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=\/wp\/v2\/posts\/1164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1164"}],"version-history":[{"count":0,"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=\/wp\/v2\/posts\/1164\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=\/wp\/v2\/media\/1182"}],"wp:attachment":[{"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techexperiencemx.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}