Difference between revisions of "Fail2ban"
Latest revision as of 23:44, 22 November 2017
On servers, a "must have" is the Fail2Ban log monitor (Linux + FreeBSD). Copy the template jail.conf to jail.local, then edit jail.local and set the following at the top, for all services:
 # -1 = forever, or "3600" for 1 hour
 bantime = -1
 maxretry = 1
For SSH:
 [sshd]
 port = 22
 logpath = /var/log/auth.log
 backend = %(sshd_backend)s
 maxretry = 1
 enabled = true
Remark: on FreeBSD, if ipfw is used, set:
 banaction = bsd-ipfw
ALWAYS TEST THE SETTINGS by looking into fail2ban.log!
It should show that the IP X.Y.Z was banned if the server is attacked, or if you test with a wrong-password login. Run:
 tail -f -n100 /var/log/fail2ban.log
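
Added example (not part of the original wiki page): a small shell helper that performs the log check described above by replaying the Ban/Unban events of one jail, so a test login can be confirmed as banned without reading the tail output by eye. The function names, the sample log and its addresses are constructed; the assumed line layout is the "NOTICE [jail] Ban <ip>" form found in fail2ban.log.

```shell
#!/bin/sh
# Added example: list the IPs a jail still holds banned, from fail2ban.log.
# Assumption: log lines look like "... NOTICE [jail] Ban <ip>" / "Unban <ip>".
# On a real host: banned_ips /var/log/fail2ban.log sshd

# banned_ips LOGFILE JAIL -> prints one still-banned IP per line, sorted
banned_ips() {
    awk -v jail="[$2]" '
        {
            # Locate the jail tag, then read the action words that follow it.
            for (i = 1; i <= NF; i++) if ($i == jail) break
            if (i > NF) next
            act = $(i + 1); ip = $(i + 2)
            # Bans re-applied after a restart are logged as "Restore Ban <ip>".
            if (act == "Restore" && ip == "Ban") { act = "Ban"; ip = $(i + 3) }
            if (act == "Ban")   banned[ip] = 1
            if (act == "Unban") delete banned[ip]
        }
        END { for (ip in banned) print ip }
    ' "$1" | sort
}

# is_banned LOGFILE JAIL IP -> exit status 0 if IP is still banned
is_banned() {
    banned_ips "$1" "$2" | grep -qxF "$3"
}

# Constructed sample log (documentation addresses), not real traffic.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2017-11-22 23:40:01,101 fail2ban.filter  [812]: INFO    [sshd] Found 192.0.2.10
2017-11-22 23:40:01,350 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.0.2.10
2017-11-22 23:41:17,002 fail2ban.filter  [812]: INFO    [sshd] Found 198.51.100.7
2017-11-22 23:41:17,240 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.7
2017-11-22 23:42:30,900 fail2ban.actions [812]: NOTICE  [sshd] Unban 198.51.100.7
2017-11-22 23:43:05,512 fail2ban.actions [812]: NOTICE  [postfix] Ban 203.0.113.5
2017-11-22 23:44:00,010 fail2ban.actions [812]: NOTICE  [sshd] Restore Ban 192.0.2.44
EOF

banned_ips "$SAMPLE_LOG" sshd
```

After a deliberate wrong-password login from a test machine, `is_banned /var/log/fail2ban.log sshd <test-ip>` returning 0 confirms the jail reacted.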