Fail2ban Configuration

From CCDSH

apt-get install fail2ban

service fail2ban stop

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the /etc/fail2ban/jail.local file and add or modify the settings below (bantime and backend are in the [DEFAULT] section of the copied file):

bantime  = 3600
backend = polling

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

[ssh-ddos]

enabled  = true
port     = ssh
filter   = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

Create the /etc/fail2ban/action.d/ufw-ssh.conf file with the following contents:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH

service fail2ban restart
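
A check that can be run before the restart above: every enabled jail in jail.local must name a filter and a banaction that have a matching file under filter.d/ and action.d/, so a mistyped or missing ufw-ssh.conf is a configuration error. The script below is an added example, not part of the original page; the function names check_jails and has_conf are hypothetical. It assumes literal filter and banaction values (no %(...)s interpolation).

```sh
#!/bin/sh
# Added example (not from the original page): offline consistency check.
# check_jails DIR prints "<jail> ok" or "<jail> missing-..." for each enabled
# jail in DIR/jail.local and returns 1 if a filter or action file is missing.
has_conf() { [ -e "$1/$2.conf" ] || [ -e "$1/$2.local" ]; }

check_jails() {
    dir=$1
    rc=0
    # Flatten the INI file to "jail filter banaction" lines; a jail without its
    # own banaction falls back to the [DEFAULT] value, empty fields become "-".
    list=$(awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[.*\]/ {
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            if (sec != "DEFAULT") order[++n] = sec
            next
        }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            v[sec, key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (v[s, "enabled"] != "true") continue
                f = v[s, "filter"]
                b = ((s, "banaction") in v) ? v[s, "banaction"] : v["DEFAULT", "banaction"]
                print s, (f == "" ? "-" : f), (b == "" ? "-" : b)
            }
        }' "$dir/jail.local") || return 2
    while read -r jail filter action; do
        [ -n "$jail" ] || continue
        filter=${filter%%\[*}; action=${action%%\[*}   # drop inline [options]
        problems=
        has_conf "$dir/filter.d" "$filter" || problems=" missing-filter:$filter"
        has_conf "$dir/action.d" "$action" || problems="$problems missing-action:$action"
        echo "$jail${problems:- ok}"
        [ -z "$problems" ] || rc=1
    done <<EOF
$list
EOF
    return $rc
}

# Usage: sh check_jails.sh /etc/fail2ban
[ "$#" -eq 0 ] || check_jails "$1"
```

Once fail2ban is running again, fail2ban-client status ssh shows the jail's failure and ban counters, and ufw status numbered shows any deny rules the action has inserted.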