Fail2Ban på Ubuntu Server

Fra Millenium's Wiki
Spring til navigation Spring til søgning

Installering

sudo apt-get install fail2ban

Konfiguration

For at konfigurerer Fail2Ban laves der 'lokal' kopi af 'jail.conf' i '/etc/fail2ban' 

cd /etc/fail2ban
sudo cp jail.conf jail.local

Redigér filen 

sudo nano jail.local

Tilføj de IP'er Fail2Ban skal ignorere 

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 xxx.xxx.xxx.xxx
bantime  = -1
maxretry = 3

Jail

Opsætning af SSH jail. 

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3

Genstart Fail2Ban 

sudo /etc/init.d/fail2ban restart
Hentet fra "http://wiki.elmevaenget6.dk/index.php?title=Fail2Ban_på_Ubuntu_Server&oldid=7459"