Difference between revisions of "Fail2ban"
| Line 22: | Line 22: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[DEFAULT] | [DEFAULT] | ||
| − | ignoreip = 127.0.0.1/8 | + | ignoreip = 127.0.0.1/8 172.16.50.0/24 |
... | ... | ||
# "bantime" is the number of seconds that a host is banned. | # "bantime" is the number of seconds that a host is banned. | ||
| − | bantime = 3600 | + | # default 600s ; 86400 = 24h |
| + | bantime = 86400 | ||
| + | |||
| + | # Increase max attempt time 'cause lots of scanner are using the default time + 1s. | ||
| + | # default 600 | ||
| + | findtime=3600 | ||
| + | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | * In "ignoreip" add your LAN + VPN networks | ||
| + | |||
| + | * Adjust "bantime" | ||
Revision as of 18:06, 7 June 2014
Installation
apt-get install fail2ban
Configuration
Edit the configuration file
vim /etc/fail2ban/jail.conf
Default (generic) properties
[DEFAULT]
ignoreip = 127.0.0.1/8 172.16.50.0/24
...
# "bantime" is the number of seconds that a host is banned.
# default 600s ; 86400 = 24h
bantime = 86400
# Increase max attempt time 'cause lots of scanner are using the default time + 1s.
# default 600
findtime=3600
- In "ignoreip" add your LAN + VPN networks
- Adjust "bantime"
SSH configuration
Enable and adjust:
- SSH
- SSH-DDOS
- SSH-iptables-*
[ssh]
enabled = true
port = ssh,2200
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-ddos]
enabled = true
port = ssh,2200
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset4]
enabled = true
port = ssh,2200
filter = sshd
banaction = iptables-ipset-proto4
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset6]
enabled = true
port = ssh,2200
filter = sshd
banaction = iptables-ipset-proto6
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 4
- Note -
- You can use multi-port filtering with port=X,Y
- For IpTables rules you have to adjust the logpath
