Difference between revisions of "Fail2Ban"
(Created page with "<syntaxhighlight lang="console"> # apt install fail2ban </syntaxhighlight> Category:Install") |
(Add configuration) |
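--- a/Fail2Ban
+++ b/Fail2Ban
@@ -1,4 +1,41 @@
-<syntaxhighlight lang="console">
+Debian Stretch (currently in testing) contain a much nicer version of fail2ban than Jessie (current stable). Configuration has been simplified a lot between the two releases and installing the version from stretch will save you migration pain later.<syntaxhighlight lang="console">
-# apt install fail2ban
+# apt install fail2ban/stretch
 </syntaxhighlight>
+
+== Configuration ==
+
+=== Defaults ===
+Create file <code>/etc/fail2ban/jail.local</code><syntaxhighlight lang="ini">
+[DEFAULT]
+# Destination email for action that send you an email
+destemail = fail2ban@mydomain.example
+
+# Sender email. Warning: not all actions take this into account. Make sure to test if you rely on this
+sender = fail2ban@mydomain.example
+
+# Default action. Will block user and send you an email with whois content and log lines.
+action = %(action_mwl)s
+</syntaxhighlight>
+
+=== Recidive ===
+<syntaxhighlight lang="ini">
+# Jail for more extended banning of persistent abusers
+# !!! WARNINGS !!!
+# 1. Make sure that your loglevel specified in fail2ban.conf/.local
+# is not at DEBUG level -- which might then cause fail2ban to fall into
+# an infinite loop constantly feeding itself with non-informative lines
+# 2. If you increase bantime, you must increase value of dbpurgeage
+# to maintain entries for failed logins for sufficient amount of time.
+# The default is defined in fail2ban.conf and you can override it in fail2ban.local
+[recidive]
+enabled = true
+logpath = /var/log/fail2ban.log
+banaction = iptables-allports
+bantime = 86400 ; 1 day. If you
+findtime = 86400 ; 1 day
+maxretry = 3
+protocol = all
+</syntaxhighlight>
+
 [[Category:Install]]
+[[Category:Fail2Ban]]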
Revision as of 15:57, 3 January 2016
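Debian Stretch (currently in testing) contains a much nicer version of fail2ban than Jessie (current stable). Configuration has been simplified a lot between the two releases, and installing the version from Stretch will save you migration pain later. Note that this mixes a testing package into a stable system: the stretch repository must be present in your APT sources, and packages from testing do not get the stable release's security support, so keep track of fail2ban updates yourself.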
# apt install fail2ban/stretch
Configuration
Defaults
Create the file /etc/fail2ban/jail.local; settings placed there override the packaged jail.conf:
# Local overrides for fail2ban jails. Values in [DEFAULT] act as fallbacks for
# every jail that does not set the same key itself.
[DEFAULT]
# Destination address for actions that send you an email.
destemail = fail2ban@mydomain.example
# Sender address. Warning: not all actions take this into account, so test it
# if you rely on it (e.g. for mail filtering or SPF-checked relays).
sender = fail2ban@mydomain.example
# Default action: ban the offending address and email a report containing
# whois output and the matching log lines. %(action_mwl)s is interpolated from
# the action_mwl definition shipped in the stock jail.conf.
# NOTE(review): the mailed log lines contain attacker-supplied strings
# (usernames, request data); treat the mail body as untrusted input and expect
# one mail, plus one outbound whois lookup, per ban in every jail.
action = %(action_mwl)s
Recidive
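# Jail for more extended banning of persistent abusers. It reads fail2ban's own
# log (logpath below): an address matched maxretry times within findtime is
# banned on all ports for bantime.
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. If you increase bantime, you must increase value of dbpurgeage
# to maintain entries for failed logins for sufficient amount of time.
# The default is defined in fail2ban.conf and you can override it in fail2ban.local
[recidive]
enabled = true
logpath = /var/log/fail2ban.log
# Blocks every port for the banned address, including your own SSH/management
# access. List trusted administration addresses in ignoreip before enabling
# this jail so a few mistyped logins cannot lock you out for the whole bantime.
banaction = iptables-allports
# Ban duration in seconds: 1 day. If you increase it, raise dbpurgeage as well
# (see warning 2 above).
# Comments are kept on their own lines: an inline "; ..." is only a comment for
# parsers that support it and otherwise becomes part of the value.
bantime = 86400
# Look-back window in seconds: 1 day.
findtime = 86400
maxretry = 3
protocol = all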