Difference between revisions of "Fail2ban"
(Created page with " =Installation= <syntaxhighlight lang="bash"> apt-get install fail2ban </syntaxhighlight> =Set default configuration= Edit the configuration file <syntaxhighlight lang=...") |
|||
| Line 30: | Line 30: | ||
# "bantime" is the number of seconds that a host is banned. | # "bantime" is the number of seconds that a host is banned. | ||
bantime = 3600 | bantime = 3600 | ||
| + | </syntaxhighlight> | ||
| − | |||
| + | |||
| + | |||
| + | =SSH configuration= | ||
| + | |||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
[ssh] | [ssh] | ||
enabled = true | enabled = true | ||
Revision as of 10:23, 6 June 2014
Installation
apt-get install fail2ban
Set default configuration
Edit the configuration file
vim /etc/fail2ban/jail.conf
Enable and adjust (~ line 24, ~ line 120):
- Bantime
- SSH port
- SSH-DDOS
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
SSH configuration
[ssh]
enabled = true
#port = ssh
port = 2200
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-ddos]
enabled = false
#port = ssh
port = 2200
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 6
