Fail2ban: Difference between revisions
From James's Wiki
(Created page with " sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo nano /etc/fail2ban/jail.local") |
No edit summary |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | ||
to edit config edit the jail.local file!!! | |||
sudo nano /etc/fail2ban/jail.local | sudo nano /etc/fail2ban/jail.local | ||
==Log Files== | |||
sudo nano /var/log/fail2ban.log | |||
==Configuration== | |||
[sshd] | |||
# To use more aggressive sshd modes set filter parameter "mode" in jail.local: | |||
# normal (default), ddos, extra or aggressive (combines all). | |||
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details. | |||
#mode = normal | |||
enabled = true | |||
port = ssh | |||
# initial ban time: | |||
bantime = 1h | |||
# incremental banning: | |||
bantime.increment = true | |||
# default factor (causes increment - 1h -> 1d 2d 4d 8d 16d 32d ...): | |||
bantime.factor = 24 | |||
# max banning time = 5 week: | |||
bantime.maxtime = 5w | |||
logpath = %(sshd_log)s | |||
backend = %(sshd_backend)s | |||
==unban== | |||
fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE | |||
The hard part is finding the right jail: | |||
Use iptables -L -n to find the rule name... | |||
...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same but it should be clear which one is related to which. | |||
Latest revision as of 13:01, 24 March 2023
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
to edit config edit the jail.local file!!!
sudo nano /etc/fail2ban/jail.local
Log Files
sudo nano /var/log/fail2ban.log
Configuration
[sshd] # To use more aggressive sshd modes set filter parameter "mode" in jail.local: # normal (default), ddos, extra or aggressive (combines all). # See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details. #mode = normal enabled = true port = ssh # initial ban time: bantime = 1h # incremental banning: bantime.increment = true # default factor (causes increment - 1h -> 1d 2d 4d 8d 16d 32d ...): bantime.factor = 24 # max banning time = 5 week: bantime.maxtime = 5w logpath = %(sshd_log)s backend = %(sshd_backend)s
unban
fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE
The hard part is finding the right jail:
Use iptables -L -n to find the rule name... ...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same but it should be clear which one is related to which.
