amuck-landowner

Fail2ban configuration...

Minmeo

New Member
Any tips on fail2ban? I just installed it on a VPS that I will use for a website soon, and it is just the stock configuration now. Any advice on how to configure it would be great.

Thanks.

bizzard

Active Member
The default configuration usually has most of the rules disabled. You must override them in jail.local.

Still researching on the different rules. Will share more details, once I have a clear picture.

Raymii

New Member
Here's my /etc/fail2ban/jail.local for reference. It only operates on SSH and blocks you for 1 hour after 3 failed attempts:

Code:
grep -v -e "^#" -e "^$" /etc/fail2ban/jail.local


[DEFAULT]
ignoreip = 127.0.0.1/8 77.172.73.184
bantime  = 3600
maxretry = 3
backend = auto
destemail = [email protected]
banaction = iptables-multiport
mta = postfix
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action = %(action_)s

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3

[ssh-ddos]
enabled  = true
port     = ssh
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 3
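To see what the values in that jail.local actually do (maxretry, bantime and the ignoreip whitelist, plus fail2ban's stock findtime window of 600 s, which the file above inherits from the defaults), here is an added simulation of the ban decision over a few constructed auth.log lines. This is illustrative code written for this thread, not fail2ban's own code; the failregex is a simplified stand-in for the real sshd filter, and the attacker addresses are made-up documentation-range IPs.

```python
import re
import ipaddress
from datetime import datetime

# Settings taken from the jail.local above; FINDTIME is fail2ban's stock default
IGNOREIP = ["127.0.0.1/8", "77.172.73.184"]
BANTIME = 3600
MAXRETRY = 3
FINDTIME = 600

# Simplified stand-in for the sshd filter's failregex (not fail2ban's own pattern)
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+ ssh2"
)

# Constructed sample log: one brute-forcer, the whitelisted admin IP, and a slow guesser
LOG = """\
Jan 15 10:00:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 41122 ssh2
Jan 15 10:00:04 vps sshd[1203]: Failed password for root from 203.0.113.5 port 41130 ssh2
Jan 15 10:00:09 vps sshd[1205]: Failed password for root from 203.0.113.5 port 41138 ssh2
Jan 15 10:01:00 vps sshd[1210]: Failed password for root from 77.172.73.184 port 50001 ssh2
Jan 15 10:01:05 vps sshd[1211]: Failed password for root from 77.172.73.184 port 50002 ssh2
Jan 15 10:01:10 vps sshd[1212]: Failed password for root from 77.172.73.184 port 50003 ssh2
Jan 15 10:02:00 vps sshd[1220]: Failed password for root from 198.51.100.7 port 6000 ssh2
Jan 15 10:20:00 vps sshd[1230]: Failed password for root from 198.51.100.7 port 6001 ssh2
Jan 15 10:21:00 vps sshd[1240]: Failed password for root from 198.51.100.7 port 6002 ssh2
Jan 15 10:22:00 vps sshd[1250]: Accepted publickey for deploy from 198.51.100.7 port 6003 ssh2
""".splitlines()

def is_ignored(ip):
    """True if ip falls inside any ignoreip entry (127.0.0.1/8 is a non-strict network)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in IGNOREIP)

def parse_ts(s, year=2014):
    """syslog timestamps carry no year; assume one so they can be compared as seconds."""
    return datetime.strptime(f"{year} {s}", "%Y %b %d %H:%M:%S").timestamp()

def simulate(lines):
    """Return {ip: ban_expiry_epoch} the way the jail above would decide it."""
    failures, bans = {}, {}  # ip -> recent failure times, ip -> ban expiry
    for line in lines:
        m = FAILREGEX.search(line)
        if not m or is_ignored(m["ip"]):
            continue
        ip, now = m["ip"], parse_ts(m["ts"])
        if ip in bans and bans[ip] > now:
            continue  # still banned: the firewall rule would have dropped this packet
        window = [t for t in failures.get(ip, []) if now - t <= FINDTIME] + [now]
        failures[ip] = window
        if len(window) >= MAXRETRY:  # 3 failures inside 600 s -> ban for 3600 s
            bans[ip], failures[ip] = now + BANTIME, []
    return bans
```

Note that 198.51.100.7 never gets banned: its failures are spread more than findtime apart, which is why lowering maxretry alone does not stop slow guessing.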

TheLinuxBug

New Member
If you are only using Fail2ban to protect SSH then you may be interested in using DenyHosts instead. I wrote a really easy automated script for installing it on CentOS and Debian (although installing from the package really isn't that difficult, it just gives an easy quick interface to setting it up). You can find the script 

Cheers!

stim

New Member
+1 DenyHosts, though I think it is worth manually configuring it at least once so that you understand what is happening.

I found this to be an excellent guide.