Fail2ban Configuration

From CCDSH

apt-get install fail2ban

service fail2ban stop

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the /etc/fail2ban/jail.local file and add/modify the sections below:

[DEFAULT]

bantime  = 3600
backend = polling

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

[ssh-ddos]

enabled  = true
port     = ssh
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

Create the /etc/fail2ban/action.d/ufw-ssh.conf file with the following contents:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH

service fail2ban restart
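
The following is an added example, not part of the original page and not fail2ban's own code. It is a small offline check that the ufw-ssh action above pairs correctly with the jails that reference it, and it shows the ufw commands a ban and unban would run. The names JAILS, ACTIONS, load, render and audit are hypothetical, the jail text is trimmed to the keys the check reads, 203.0.113.7 is a constructed sample address, and Python's plain configparser stands in for fail2ban's config reader.

```python
import configparser
import ipaddress

# Constructed input: the jail and action settings from this page, inlined so this runs offline.
JAILS = """[DEFAULT]
bantime = 3600
[ssh]
enabled = true
banaction = ufw-ssh
[ssh-ddos]
enabled = true
banaction = ufw-ssh
"""
ACTIONS = {"ufw-ssh": """[Definition]
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH
"""}

def load(text):
    cp = configparser.ConfigParser(interpolation=None)  # plain parser, not fail2ban's own reader
    cp.read_string(text)
    return cp

def render(template, ip):
    """Fill the <ip> tag, rejecting anything that is not a literal IP address."""
    return template.replace("<ip>", str(ipaddress.ip_address(ip)))

def audit(jail_text, actions, sample_ip="203.0.113.7"):
    """Return (problems, commands) for every enabled jail in jail_text."""
    problems, commands = [], {}
    jails = load(jail_text)
    for name in jails.sections():
        jail = jails[name]
        if not jail.getboolean("enabled", fallback=False):
            continue
        action = jail.get("banaction", fallback="")
        if action not in actions:
            problems.append(f"{name}: action.d/{action}.conf not found")
            continue
        d = load(actions[action])["Definition"]
        ban, unban = d.get("actionban", ""), d.get("actionunban", "")
        # ufw stops at the first matching rule, so the deny must be inserted ahead of any allow.
        if not ban.startswith("ufw insert 1 "):
            problems.append(f"{name}: actionban does not insert at position 1")
        # ufw delete removes a rule by its spec, so that spec must equal the one that was inserted.
        if ban.replace("ufw insert 1 ", "", 1) != unban.replace("ufw delete ", "", 1):
            problems.append(f"{name}: actionunban would not remove the rule actionban adds")
        commands[name] = (render(ban, sample_ip), render(unban, sample_ip), jail.getint("bantime"))
    return problems, commands
```

Calling audit(JAILS, ACTIONS) returns an empty problem list for the configuration on this page, plus the rendered ban and unban commands and the ban time for each jail.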