Fail2ban: Difference between revisions

From James's Wiki
Latest revision as of 13:01, 24 March 2023

sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

To change the configuration, edit the jail.local file:

sudo nano /etc/fail2ban/jail.local

Log Files

sudo nano /var/log/fail2ban.log

Configuration

[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
enabled = true
port    = ssh
# initial ban time:
bantime = 1h
# incremental banning:
bantime.increment = true
# default factor (causes increment - 1h -> 1d 2d 4d 8d 16d 32d ...):
bantime.factor = 24
# max banning time = 5 weeks:
bantime.maxtime = 5w
logpath = %(sshd_log)s
backend = %(sshd_backend)s

Unban

fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE

The hard part is finding the right jail:

Use iptables -L -n to find the rule name...
...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same, but it should be clear which one is related to which.
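
As an added example (not part of the original wiki page), the jail lookup can also be scripted by asking each jail directly instead of matching iptables rule names by eye. The function names and the F2B override variable are assumptions of this example; it relies on the "Jail list:" and "Banned IP list:" lines printed by fail2ban-client status.

```shell
#!/bin/sh
# Added example: list every fail2ban jail that currently bans a given IP.
# F2B is an assumption of this example: the command used to query fail2ban.
# Override it to test against canned output. Run with the same privileges
# you normally use for fail2ban-client.
F2B="${F2B:-fail2ban-client}"

# Print one jail name per line, parsed from the "Jail list:" line of
# `fail2ban-client status`.
list_jails() {
    $F2B status | sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$'
}

# Print the addresses on a jail's "Banned IP list:" line, one per line.
banned_ips() {
    $F2B status "$1" | sed -n 's/.*Banned IP list:[[:space:]]*//p' |
        tr -s ' \t' '\n\n' | grep -v '^$'
}

# Print each jail that bans IP $1; return 1 if no jail bans it.
find_jails_for_ip() {
    ip="$1"
    found=1
    for jail in $(list_jails); do
        # -F -x: fixed-string, whole-line match, so 10.0.0.1 never
        # matches 10.0.0.10 and dots are not treated as wildcards.
        if banned_ips "$jail" | grep -Fxq -- "$ip"; then
            printf '%s\n' "$jail"
            found=0
        fi
    done
    return "$found"
}

# When run as a script with an IP argument, print the matching jails.
if [ $# -gt 0 ]; then
    find_jails_for_ip "$1"
fi
```

Each jail name it prints can be used in place of YOURJAILNAMEHERE in the unbanip command above.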