Fail2ban

From wiki.linuxonlinehelp.eu
Revision as of 23:44, 22 November 2017 by Author

On servers, the Fail2Ban log monitor (Linux + FreeBSD) is a "must have". Copy the template jail.conf to jail.local, then edit jail.local and set the following at the "TOP" for all services:

[DEFAULT]
# -1 = forever, or "3600" for 1 hour
bantime = -1
maxretry = 1

For SSH:

[sshd]
port = 22
logpath = /var/log/auth.log
backend = %(sshd_backend)s
maxretry = 1
enabled = true

Remark: on FreeBSD, set banaction = bsd-ipfw if ipfw is used.

ALWAYS TEST THE SETTINGS by checking fail2ban.log!

After an attack, or a test login with a wrong password, the log should show the IP (X.Y.Z) as banned. Run:

tail -f -n100 /var/log/fail2ban.log
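
Added example (not part of the original wiki page): instead of reading the tail by eye, this lists every jail/IP pair that has a Ban entry without a later Unban. The sample log lines are constructed, and the line layout they assume may differ between fail2ban versions.

```sh
#!/bin/sh
# Added example: summarize which IPs are still banned according to fail2ban.log.
# Assumed line layout (may differ between fail2ban versions):
#   DATE TIME fail2ban.actions [PID]: NOTICE [jail] Ban|Unban IP

# Constructed sample log using documentation-only addresses.
sample_log() {
    cat <<'EOF'
2017-11-22 23:40:01,100 fail2ban.filter  [1234]: INFO    [sshd] Found 192.0.2.10
2017-11-22 23:40:01,200 fail2ban.actions [1234]: NOTICE  [sshd] Ban 192.0.2.10
2017-11-22 23:41:07,300 fail2ban.actions [1234]: NOTICE  [sshd] Ban 198.51.100.7
2017-11-22 23:42:30,350 fail2ban.actions [1234]: NOTICE  [sshd] Ban 203.0.113.5
2017-11-22 23:45:00,400 fail2ban.actions [1234]: NOTICE  [sshd] Unban 198.51.100.7
2017-11-22 23:50:12,500 fail2ban.actions [1234]: NOTICE  [sshd] 192.0.2.10 already banned
EOF
}

# active_bans [FILE...]: print "jail ip" for each ban with no later unban.
# Reads the given log files, or standard input when no file is given.
active_bans() {
    awk '
        $3 == "fail2ban.actions" {
            jail = ""
            for (i = 4; i <= NF; i++) {
                # The jail is the first field of the form [name]; the PID
                # field ends in ":" and therefore does not match.
                if (jail == "" && $i ~ /^\[.*\]$/) {
                    jail = substr($i, 2, length($i) - 2)
                    continue
                }
                if (jail != "" && i < NF) {
                    if ($i == "Ban")   banned[jail " " $(i + 1)] = 1
                    if ($i == "Unban") delete banned[jail " " $(i + 1)]
                }
            }
        }
        END { for (k in banned) print k }
    ' "$@" | sort
}

# Demo on the constructed sample; on a server: active_bans /var/log/fail2ban.log
sample_log | active_bans
```

With bantime = -1 an Unban line only appears after a manual unban, so an address missing from this list after a test login means the jail did not trigger.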