Fail2ban Configuration

From CCDSH
Jump to: navigation, search

apt-get install fail2ban

service fail2ban stop

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the /etc/fail2ban/jail.local file and add/modify the sections below:

bantime  = 3600
backend = polling

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

[ssh-ddos]

enabled  = true
port     = ssh
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

Create the /etc/fail2ban/action.d/ufw-ssh.conf file with the following contents:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH

service fail2ban restart

Navigation
Personal tools