Fail2ban
Installation
apt-get install fail2ban
Configuration
Edit the configuration file
vim /etc/fail2ban/jail.conf
Default (generic) properties
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
SSH configuration
Enable and adjust:
- SSH port
- SSH-DDOS
[ssh]
enabled = true
#port = ssh
port = 2200
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-ddos]
enabled = true
#port = ssh
port = 2200
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset4]
enabled = true
#port = ssh
port = 2200
filter = sshd
banaction = iptables-ipset-proto4
logpath = /var/log/sshd.log
maxretry = 4
...
[ssh-iptables-ipset6]
enabled = true
#port = ssh
port = 2200
filter = sshd
banaction = iptables-ipset-proto6
logpath = /var/log/sshd.log
maxretry = 4
- Note -
By enabling the [ssh-iptables-*] rules that will put a filter on the layer 3 (IP level) in IpTables. That is very efficient !!
