Fail2ban

Revision as of 10:34, 6 June 2014 by WikiFreak (talk | contribs)


Installation

apt-get install fail2ban


Configuration

Edit the configuration file

vim /etc/fail2ban/jail.conf


Default (generic) properties

 
[DEFAULT]
ignoreip = 127.0.0.1/8
...
# "bantime" is the number of seconds that a host is banned.
bantime  = 3600


SSH configuration

Enable and adjust:

  • SSH port
  • SSH-DDOS


 
[ssh]
enabled  = true
#port     = ssh
port     = 2200
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 4

...

[ssh-ddos]
enabled  = true
#port     = ssh
port     = 2200
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 4

...

[ssh-iptables-ipset4]
enabled  = true
#port     = ssh
port     = 2200
filter   = sshd
banaction = iptables-ipset-proto4
logpath  = /var/log/sshd.log
maxretry = 4

...

[ssh-iptables-ipset6]
enabled  = true
#port     = ssh
port     = 2200
filter   = sshd
banaction = iptables-ipset-proto6
logpath  = /var/log/sshd.log
maxretry = 4


- Note -

By enabling the [ssh-iptables-*] rules that will put a filter on the layer 3 (IP level) in IpTables. That is very efficient !!