Difference between revisions of "Fail2ban"

Line 32: Line 32:
  
 
Enable and adjust:
 
Enable and adjust:
* SSH port
+
* SSH
 
* SSH-DDOS
 
* SSH-DDOS
 
+
* SSH-iptables-*
  
 
<syntaxhighlight lang="bash">  
 
<syntaxhighlight lang="bash">  
 
[ssh]
 
[ssh]
 
enabled  = true
 
enabled  = true
#port    = ssh
+
port    = ssh,2200
port    = 2200
 
 
filter  = sshd
 
filter  = sshd
 
logpath  = /var/log/auth.log
 
logpath  = /var/log/auth.log
Line 49: Line 48:
 
[ssh-ddos]
 
[ssh-ddos]
 
enabled  = true
 
enabled  = true
#port    = ssh
+
port    = ssh,2200
port    = 2200
 
 
filter  = sshd-ddos
 
filter  = sshd-ddos
 
logpath  = /var/log/auth.log
 
logpath  = /var/log/auth.log
Line 59: Line 57:
 
[ssh-iptables-ipset4]
 
[ssh-iptables-ipset4]
 
enabled  = true
 
enabled  = true
#port    = ssh
+
port    = ssh,2200
port    = 2200
 
 
filter  = sshd
 
filter  = sshd
 
banaction = iptables-ipset-proto4
 
banaction = iptables-ipset-proto4
logpath  = /var/log/sshd.log
+
#logpath  = /var/log/sshd.log
 +
logpath  = /var/log/auth.log
 
maxretry = 4
 
maxretry = 4
  
Line 70: Line 68:
 
[ssh-iptables-ipset6]
 
[ssh-iptables-ipset6]
 
enabled  = true
 
enabled  = true
#port    = ssh
+
port    = ssh,2200
port    = 2200
 
 
filter  = sshd
 
filter  = sshd
 
banaction = iptables-ipset-proto6
 
banaction = iptables-ipset-proto6
logpath  = /var/log/sshd.log
+
#logpath  = /var/log/sshd.log
 +
logpath  = /var/log/auth.log
 
maxretry = 4
 
maxretry = 4
  
Line 82: Line 80:
 
- Note -  
 
- Note -  
  
By enabling the [ssh-iptables-*] rules that will put a filter on the layer 3 (IP level) in IpTables. That is very efficient !!
+
* You can use multi-port filtering with port=X,Y
 +
 
 +
* For IpTables rules you have to adjust the logpath

Revision as of 10:46, 6 June 2014


Installation

apt-get install fail2ban


Configuration

Edit the configuration file

vim /etc/fail2ban/jail.conf


Default (generic) properties

 
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime  = 3600


SSH configuration

Enable and adjust:

  • SSH
  • SSH-DDOS
  • SSH-iptables-*
 
[ssh]
enabled  = true
port     = ssh,2200
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 4

...

[ssh-ddos]
enabled  = true
port     = ssh,2200
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 4

...

[ssh-iptables-ipset4]
enabled  = true
port     = ssh,2200
filter   = sshd
banaction = iptables-ipset-proto4
#logpath  = /var/log/sshd.log
logpath  = /var/log/auth.log
maxretry = 4

...

[ssh-iptables-ipset6]
enabled  = true
port     = ssh,2200
filter   = sshd
banaction = iptables-ipset-proto6
#logpath  = /var/log/sshd.log
logpath  = /var/log/auth.log
maxretry = 4


- Note -

  • You can use multi-port filtering with port=X,Y
  • For IpTables rules you have to adjust the logpath