Fail2ban Configuration
From CCDSH
apt-get install fail2ban
service fail2ban stop
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the /etc/fail2ban/jail.local file and add/modify the sections below:
bantime = 3600
backend = polling

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh

[ssh-ddos]
enabled = true
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 3
banaction = ufw-ssh
Create the /etc/fail2ban/action.d/ufw-ssh.conf file with the following contents:
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH
service fail2ban restart
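Added example (not part of the original page): a Python model of how the [ssh] jail above turns repeated failures in auth.log into the ufw command from ufw-ssh.conf. FINDTIME (600 seconds, fail2ban's stock default), the simplified regex standing in for the sshd filter, and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY = 3        # from the [ssh] jail above
BANTIME = 3600      # seconds, from jail.local above
FINDTIME = 600      # assumption: fail2ban's stock default, not set on this page
ACTIONBAN = "ufw insert 1 deny from <ip> to any app OpenSSH"  # from ufw-ssh.conf
# Simplified stand-in for the sshd filter; the real filter.d/sshd.conf has many more patterns.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")
# Constructed auth.log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Mar  4 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar  4 10:00:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Mar  4 10:00:09 host sshd[815]: Accepted password for alice from 198.51.100.20 port 5100 ssh2
Mar  4 10:00:12 host sshd[816]: Failed password for root from 203.0.113.7 port 4024 ssh2
Mar  4 10:05:00 host sshd[820]: Failed password for bob from 198.51.100.9 port 6000 ssh2
Mar  4 10:20:00 host sshd[821]: Failed password for bob from 198.51.100.9 port 6001 ssh2
Mar  4 10:40:00 host sshd[822]: Failed password for bob from 198.51.100.9 port 6002 ssh2
"""

def simulate(log_text, year=2024):
    """Return [(ip, ban_epoch, unban_epoch, ufw_command)] for each ban the jail would issue."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the findtime window
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S").timestamp()
        ip = m.group(2)
        if banned_until.get(ip, 0) > ts:
            continue              # already banned; the firewall rule covers this address
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:
            window.popleft()      # failures older than findtime no longer count
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME, ACTIONBAN.replace("<ip>", ip)))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end, cmd in simulate(SAMPLE_LOG):
        print(f"ban {ip} for {int(end - start)}s -> {cmd}")
```

In the sample, 198.51.100.9 also fails three times but is never banned, because its attempts are spaced further apart than findtime; slow attempts like these stay under the maxretry = 3 threshold.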