Difference between revisions of "Fail2ban"
| Line 32: | Line 32: | ||
Enable and adjust: | Enable and adjust: | ||
| − | * SSH | + | * SSH |
* SSH-DDOS | * SSH-DDOS | ||
| − | + | * SSH-iptables-* | |
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[ssh] | [ssh] | ||
enabled = true | enabled = true | ||
| − | + | port = ssh,2200 | |
| − | |||
filter = sshd | filter = sshd | ||
logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
| Line 49: | Line 48: | ||
[ssh-ddos] | [ssh-ddos] | ||
enabled = true | enabled = true | ||
| − | + | port = ssh,2200 | |
| − | |||
filter = sshd-ddos | filter = sshd-ddos | ||
logpath = /var/log/auth.log | logpath = /var/log/auth.log | ||
| Line 59: | Line 57: | ||
[ssh-iptables-ipset4] | [ssh-iptables-ipset4] | ||
enabled = true | enabled = true | ||
| − | + | port = ssh,2200 | |
| − | |||
filter = sshd | filter = sshd | ||
banaction = iptables-ipset-proto4 | banaction = iptables-ipset-proto4 | ||
| − | logpath = /var/log/sshd.log | + | #logpath = /var/log/sshd.log |
| + | logpath = /var/log/auth.log | ||
maxretry = 4 | maxretry = 4 | ||
| Line 70: | Line 68: | ||
[ssh-iptables-ipset6] | [ssh-iptables-ipset6] | ||
enabled = true | enabled = true | ||
| − | + | port = ssh,2200 | |
| − | |||
filter = sshd | filter = sshd | ||
banaction = iptables-ipset-proto6 | banaction = iptables-ipset-proto6 | ||
| − | logpath = /var/log/sshd.log | + | #logpath = /var/log/sshd.log |
| + | logpath = /var/log/auth.log | ||
maxretry = 4 | maxretry = 4 | ||
| Line 82: | Line 80: | ||
- Note - | - Note - | ||
| − | + | * You can use multi-port filtering with port=X,Y | |
| + | |||
| + | * For IpTables rules you have to adjust the logpath | ||
Revision as of 11:46, 6 June 2014
Installation
apt-get install fail2ban
Configuration
Edit the configuration file
vim /etc/fail2ban/jail.conf
Default (generic) properties
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
SSH configuration
Enable and adjust:
- SSH
- SSH-DDOS
- SSH-iptables-*
[ssh]
enabled = true
port = ssh,2200
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-ddos]
enabled = true
port = ssh,2200
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset4]
enabled = true
port = ssh,2200
filter = sshd
banaction = iptables-ipset-proto4
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset6]
enabled = true
port = ssh,2200
filter = sshd
banaction = iptables-ipset-proto6
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 4
- Note -
- You can use multi-port filtering with port=X,Y
- For IpTables rules you have to adjust the logpath
