Difference between revisions of "Fail2Ban"

From wiki
(Add configuration)
(Link to category page)
Line 38: Line 38:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
[[Category:Install]]
+
=== Other rules ===
 +
Rules specific to one program are documented on the program page. You can see the list on the [[:Category:Fail2Ban|fail2ban category page]]. [[Category:Install]]
 
[[Category:Fail2Ban]]
 
[[Category:Fail2Ban]]

Revision as of 18:05, 3 January 2016

Debian Stretch (currently in testing) contain a much nicer version of fail2ban than Jessie (current stable). Configuration has been simplified a lot between the two releases and installing the version from stretch will save you migration pain later.

# apt install fail2ban/stretch

Configuration

Defaults

Create file /etc/fail2ban/jail.local

[DEFAULT]
# Destination email for action that send you an email
destemail = fail2ban@mydomain.example

# Sender email. Warning: not all actions take this into account. Make sure to test if you rely on this
sender    = fail2ban@mydomain.example

# Default action. Will block user and send you an email with whois content and log lines.
action    = %(action_mwl)s

Recidive

# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!! 
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
#    is not at DEBUG level -- which might then cause fail2ban to fall into
#    an infinite loop constantly feeding itself with non-informative lines
# 2. If you increase bantime, you must increase value of dbpurgeage
#    to maintain entries for failed logins for sufficient amount of time.
#    The default is defined in fail2ban.conf and you can override it in fail2ban.local
[recidive]
enabled   = true
logpath   = /var/log/fail2ban.log
banaction = iptables-allports
bantime   = 86400 ; 1 day. If you 
findtime  = 86400 ; 1 day 
maxretry  = 3 
protocol  = all

Other rules

Rules specific to one program are documented on the program page. You can see the list on the fail2ban category page.