nginx
fail2ban
OracleLinux

How to install and setup fail2ban for nginx on OracleLinux

More than 1 year has passed since last update.

yum install fail2ban


$ yum install fail2ban

Loaded plugins: langpacks, ulninfo
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.9.6-3.el7 will be installed
--> Processing Dependency: fail2ban-sendmail = 0.9.6-3.el7 for package: fail2ban-0.9.6-3.el7.noarch
--> Processing Dependency: fail2ban-server = 0.9.6-3.el7 for package: fail2ban-0.9.6-3.el7.noarch
--> Processing Dependency: fail2ban-firewalld = 0.9.6-3.el7 for package: fail2ban-0.9.6-3.el7.noarch
--> Running transaction check
---> Package fail2ban-firewalld.noarch 0:0.9.6-3.el7 will be installed
---> Package fail2ban-sendmail.noarch 0:0.9.6-3.el7 will be installed
---> Package fail2ban-server.noarch 0:0.9.6-3.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================
 Package                                Arch                       Version                            Repository                              Size
===================================================================================================================================================
Installing:
 fail2ban                               noarch                     0.9.6-3.el7                        ol7_developer_EPEL                      11 k
Installing for dependencies:
 fail2ban-firewalld                     noarch                     0.9.6-3.el7                        ol7_developer_EPEL                      11 k
 fail2ban-sendmail                      noarch                     0.9.6-3.el7                        ol7_developer_EPEL                      13 k
 fail2ban-server                        noarch                     0.9.6-3.el7                        ol7_developer_EPEL                     285 k

Transaction Summary
===================================================================================================================================================
Install  1 Package (+3 Dependent packages)

Total download size: 320 k
Installed size: 933 k
Is this ok [y/d/N]: y
Downloading packages:
(1/4): fail2ban-firewalld-0.9.6-3.el7.noarch.rpm                                                                            |  11 kB  00:00:03     
(2/4): fail2ban-0.9.6-3.el7.noarch.rpm                                                                                      |  11 kB  00:00:03     
(3/4): fail2ban-sendmail-0.9.6-3.el7.noarch.rpm                                                                             |  13 kB  00:00:00     
(4/4): fail2ban-server-0.9.6-3.el7.noarch.rpm                                                                               | 285 kB  00:00:00     
---------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                               71 kB/s | 320 kB  00:00:04     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : fail2ban-server-0.9.6-3.el7.noarch                                                                                              1/4 
  Installing : fail2ban-firewalld-0.9.6-3.el7.noarch                                                                                           2/4 
  Installing : fail2ban-sendmail-0.9.6-3.el7.noarch                                                                                            3/4 
  Installing : fail2ban-0.9.6-3.el7.noarch                                                                                                     4/4 
  Verifying  : fail2ban-server-0.9.6-3.el7.noarch                                                                                              1/4 
  Verifying  : fail2ban-firewalld-0.9.6-3.el7.noarch                                                                                           2/4 
  Verifying  : fail2ban-0.9.6-3.el7.noarch                                                                                                     3/4 
  Verifying  : fail2ban-sendmail-0.9.6-3.el7.noarch                                                                                            4/4 

Installed:
  fail2ban.noarch 0:0.9.6-3.el7                                                                                                                    

Dependency Installed:
  fail2ban-firewalld.noarch 0:0.9.6-3.el7           fail2ban-sendmail.noarch 0:0.9.6-3.el7           fail2ban-server.noarch 0:0.9.6-3.el7          

Complete!

edit jail.local

$ cp jail.conf jail.local

edit

jail.local
#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local

#
# HTTP servers
#

[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/*error*.log

[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx/*access*.log
maxretry = 1

[nginx-badbots]
enabled  = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx/*access*.log
maxretry = 1

[nginx-proxy]
enabled = false
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /var/log/nginx/*access*.log
maxretry = 0

[nginx-dos]
enabled  = true
port     = http
filter   = nginx-dos
logpath  = /var/log/nginx/*access*.log
findtime = 120
maxretry = 200