Difference between revisions of "Fail2ban"
| Line 48: | Line 48: | ||
[ssh-ddos] | [ssh-ddos] | ||
| − | enabled = | + | enabled = true |
#port = ssh | #port = ssh | ||
port = 2200 | port = 2200 | ||
filter = sshd-ddos | filter = sshd-ddos | ||
logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
| − | maxretry = | + | maxretry = 4 |
| + | |||
| + | ... | ||
| + | |||
| + | [ssh-iptables-ipset4] | ||
| + | enabled = true | ||
| + | #port = ssh | ||
| + | port = 2200 | ||
| + | filter = sshd | ||
| + | banaction = iptables-ipset-proto4 | ||
| + | logpath = /var/log/sshd.log | ||
| + | maxretry = 4 | ||
| + | |||
| + | ... | ||
| + | |||
| + | [ssh-iptables-ipset6] | ||
| + | enabled = true | ||
| + | #port = ssh | ||
| + | port = 2200 | ||
| + | filter = sshd | ||
| + | banaction = iptables-ipset-proto6 | ||
| + | logpath = /var/log/sshd.log | ||
| + | maxretry = 4 | ||
| + | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | - Note - | ||
| + | |||
| + | By enabling the [ssh-iptables-*] rules that will put a filter on the layer 3 (IP level) in IpTables. That is very efficient !! | ||
Revision as of 11:34, 6 June 2014
Installation
apt-get install fail2ban
Configuration
Edit the configuration file
vim /etc/fail2ban/jail.conf
Default (generic) properties
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
SSH configuration
Enable and adjust:
- SSH port
- SSH-DDOS
[ssh]
enabled = true
#port = ssh
port = 2200
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-ddos]
enabled = true
#port = ssh
port = 2200
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset4]
enabled = true
#port = ssh
port = 2200
filter = sshd
banaction = iptables-ipset-proto4
logpath = /var/log/sshd.log
maxretry = 4
...
[ssh-iptables-ipset6]
enabled = true
#port = ssh
port = 2200
filter = sshd
banaction = iptables-ipset-proto6
logpath = /var/log/sshd.log
maxretry = 4
- Note -
By enabling the [ssh-iptables-*] rules that will put a filter on the layer 3 (IP level) in IpTables. That is very efficient !!
