User Tools

Site Tools


wiki:server:fail2ban

Fail2ban

Install fail2ban and itset:

apt-get install fail2ban ipset

Copy config file to local one which has high propriety

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Or create a new one:

vi /etc/fail2ban/jail.local

Replace <YOUR_SSH_PORT>:

[DEFAULT]
banaction = iptables-ipset-proto6-allports
 
[sshd]
enabled = true
port    = <YOUR_SSH_PORT>
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3
findtime = 604800
# max is 4294967 for ipset timeout
bantime = 4294967
 
 
[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
enabled = true
port    = <YOUR_SSH_PORT>
logpath = %(sshd_log)s
backend = %(sshd_backend)s

Restart fail2ban:

service fail2ban restart

Check status:

fail2ban-client status
fail2ban-client status sshd

Unban an IP:

fail2ban-client set sshd unbanip <IP>
wiki/server/fail2ban.txt · Last modified: 2022/03/31 14:10 by maxduke

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki