Fail2ban
From James's Wiki
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
To change the configuration, edit the jail.local file!
sudo nano /etc/fail2ban/jail.local
Log Files
sudo nano /var/log/fail2ban.log
Configuration
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
enabled = true
port = ssh
# initial ban time:
bantime = 1h
# incremental banning:
bantime.increment = true
# default factor (causes increment - 1h -> 1d 2d 4d 8d 16d 32d ...):
bantime.factor = 24
# max banning time = 5 week:
bantime.maxtime = 5w
logpath = %(sshd_log)s
backend = %(sshd_backend)s
Unban
fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE
The hard part is finding the right jail:
Use iptables -L -n to find the rule name, then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same, but it should be clear which one is related to which.
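The jail lookup above can be scripted by asking each jail whether it holds the IP, instead of matching iptables rule names by eye. This is an added example, not part of the original wiki page: the function names and the sample output are constructed, and it assumes the usual "Jail list:" and "Banned IP list:" lines printed by fail2ban-client status.

```shell
#!/bin/sh
# Added example: list the fail2ban jail(s) that currently ban a given IP.

# Constructed sample of `fail2ban-client status` output (tab after the colon).
SAMPLE_STATUS=$(printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tsshd, nginx-http-auth\n')
# Constructed sample of `fail2ban-client status sshd` output (documentation IPs).
SAMPLE_SSHD=$(printf 'Status for the jail: sshd\n`- Actions\n   |- Currently banned:\t2\n   `- Banned IP list:\t203.0.113.7 198.51.100.23\n')

# Read `fail2ban-client status` output on stdin, print one jail name per line.
parse_jail_list() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Read `fail2ban-client status <jail>` output on stdin.
# Succeeds only if IP $1 is in the banned list as an exact entry, so
# 203.0.113.7 does not match 203.0.113.70.
jail_bans_ip() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' |
        tr -s ' \t' '\n' |
        grep -Fqx -- "$1"
}

# Print every jail that currently bans IP $1 (needs root and a running fail2ban).
jails_banning() {
    fail2ban-client status | parse_jail_list | while read -r jail; do
        if fail2ban-client status "$jail" </dev/null | jail_bans_ip "$1"; then
            echo "$jail"
        fi
    done
}

# When called with an IP argument, query the live fail2ban server.
if [ "$#" -ge 1 ]; then
    jails_banning "$1"
fi
```

Run it as root with the IP as the only argument, then use each printed jail name in the fail2ban-client set ... unbanip command above.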