23:44, 22 November 2017
On servers, a "must have" is the Fail2Ban log monitor (Linux + FreeBSD).
Copy the template jail.conf to jail.local!
Edit jail.local and set the following at the top, for all services:
<pre>
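# -1 = ban forever; use 3600 for 1 hour
# (fail2ban does not treat "#" after a value as a comment, so keep comments on their own line)
bantime = -1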
maxretry = 1
</pre>
For SSH:
<pre>
[sshd]
port = 22
logpath = /var/log/auth.log
backend = %(sshd_backend)s
maxretry = 1
enabled = true
</pre>
Remarks:
On FreeBSD, set banaction = bsd-ipfw if ipfw is used.
ALWAYS TEST THE SETTINGS by looking into fail2ban.log!
It should show that the IP X.Y.Z was banned when the server is attacked or when you test with a wrong-password login.
Run:
<pre>
tail -f -n100 /var/log/fail2ban.log
</pre>
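To check the result without reading the log by eye, the following added example (not part of the original page) replays the Ban/Unban lines of fail2ban.log and lists the IPs a jail still holds banned. The sample lines are constructed in the fail2ban 0.9+ log layout with documentation addresses, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: list the IPs a jail currently holds banned, from fail2ban.log.

# Constructed sample log lines (not taken from a real server).
sample_log() {
cat <<'EOF'
2017-11-22 23:40:01,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5
2017-11-22 23:40:01,377 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2017-11-22 23:41:12,004 fail2ban.filter         [812]: INFO    [sshd] Found 198.51.100.7
2017-11-22 23:41:12,290 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2017-11-22 23:45:30,512 fail2ban.actions        [812]: NOTICE  [sshd] Unban 198.51.100.7
2017-11-22 23:46:02,118 fail2ban.actions        [812]: NOTICE  [sshd] 203.0.113.5 already banned
EOF
}

# banned_ips JAIL [FILE...]: print IPs with a Ban and no later Unban in JAIL.
# Reads stdin when no FILE is given.
banned_ips() {
    jail=$1
    shift
    awk -v tag="[$jail]" '
        {
            for (i = 1; i + 2 <= NF; i++) {
                if ($i != tag) continue
                if ($(i+1) == "Ban")   state[$(i+2)] = 1
                if ($(i+1) == "Unban") state[$(i+2)] = 0
            }
        }
        END { for (ip in state) if (state[ip]) print ip }
    ' "$@" | sort
}

# is_banned JAIL IP [FILE...]: exit status 0 if IP is currently banned in JAIL.
is_banned() {
    jail=$1 ip=$2
    shift 2
    banned_ips "$jail" "$@" | grep -qxF "$ip"
}

# Demo on the constructed sample; prints 203.0.113.5
sample_log | banned_ips sshd
```

On a server, run `banned_ips sshd /var/log/fail2ban.log` after a deliberate wrong-password login from a test machine and confirm that the test machine's address is listed.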