Fail2ban
Installation
apt-get install fail2ban
Configuration
Edit the configuration file
vim /etc/fail2ban/jail.conf
Default (generic) properties
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
SSH configuration
Enable and adjust:
- SSH
- SSH-DDOS
- SSH-iptables-*
[ssh]
enabled = true
port = ssh,2200
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-ddos]
enabled = true
port = ssh,2200
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset4]
enabled = true
port = ssh,2200
filter = sshd
banaction = iptables-ipset-proto4
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 4
...
[ssh-iptables-ipset6]
enabled = true
port = ssh,2200
filter = sshd
banaction = iptables-ipset-proto6
#logpath = /var/log/sshd.log
logpath = /var/log/auth.log
maxretry = 4
- Note -
- You can use multi-port filtering with port=X,Y
- For IpTables rules you have to adjust the logpath
