Difference between revisions of "Fail2ban"

Line 9: Line 9:
  
  
=Set default configuration=
+
=Configuration=
  
 
Edit the configuration file
 
Edit the configuration file
Line 18: Line 18:
  
  
Enable and adjust (~ line 24, ~ line 120):
+
==Default (generic) properties==
* Bantime
 
* SSH port
 
* SSH-DDOS
 
 
 
  
 
<syntaxhighlight lang="bash">  
 
<syntaxhighlight lang="bash">  
Line 33: Line 29:
  
  
 +
==SSH configuration==
  
 
+
Enable and adjust:
=SSH configuration=
+
* SSH port
 +
* SSH-DDOS
  
  

Revision as of 10:23, 6 June 2014


Installation

apt-get install fail2ban


Configuration

Edit the configuration file

vim /etc/fail2ban/jail.conf


Default (generic) properties

 
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime  = 3600


SSH configuration

Enable and adjust:

  • SSH port
  • SSH-DDOS


 
[ssh]
enabled  = true
#port     = ssh
port     = 2200
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 4

...

[ssh-ddos]
enabled  = false
#port     = ssh
port     = 2200
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 6