Fail2ban: Difference between revisions
From Lolly's Wiki
(Page newly created: „Kategorie:Security Kategorie:Linux ==Installation== ===Debian / Ubuntu=== <source lang=bash> # apt-get install fail2ban </source> ==Configuration== T…“) |
m (Text replacement - "[[Kategorie:" to "[[Category:") |
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[ | [[Category:Security]] | ||
[[ | [[Category:Linux]] | ||
==Installation== | ==Installation== | ||
===Debian / Ubuntu=== | ===Debian / Ubuntu=== | ||
< | <syntaxhighlight lang=bash> | ||
# apt-get install fail2ban | # apt-get install fail2ban | ||
</ | </syntaxhighlight> | ||
==Configuration== | ==Configuration== | ||
Line 13: | Line 13: | ||
===paths-overrides.local=== | ===paths-overrides.local=== | ||
I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs. | I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs. | ||
< | <syntaxhighlight lang=bash> | ||
# exim -bP log_file_path | # exim -bP log_file_path | ||
log_file_path = /var/log/exim/%slog-%D | log_file_path = /var/log/exim/%slog-%D | ||
Line 24: | Line 24: | ||
Error: /var/log/dovecot/dovecot.log-20160309 | Error: /var/log/dovecot/dovecot.log-20160309 | ||
Fatal: /var/log/dovecot/dovecot.log-20160309 | Fatal: /var/log/dovecot/dovecot.log-20160309 | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang=ini> | ||
[DEFAULT] | [DEFAULT] | ||
Line 32: | Line 32: | ||
exim_main_log = /var/log/exim/mainlog-* | exim_main_log = /var/log/exim/mainlog-* | ||
</ | </syntaxhighlight> | ||
===jail.local=== | ===jail.local=== | ||
< | <syntaxhighlight lang=ini> | ||
[DEFAULT] | [DEFAULT] | ||
bantime = 3600 | bantime = 3600 | ||
[sshd] | [sshd] | ||
enabled = true | enabled = true | ||
Line 56: | Line 56: | ||
[sieve] | [sieve] | ||
enabled = true | enabled = true | ||
</ | </syntaxhighlight> |
Latest revision as of 23:55, 25 November 2021
==Installation==
===Debian / Ubuntu===
<syntaxhighlight lang=bash>
# apt-get install fail2ban
</syntaxhighlight>
==Configuration==
Put your personal settings in the *.local files so that they survive updates. This protects them from being overwritten by update procedures.
===paths-overrides.local===
I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs.
<syntaxhighlight lang=bash>
# exim -bP log_file_path
log_file_path = /var/log/exim/%slog-%D
# doveadm log find
Looking for log files from /var/log
Debug: /var/log/dovecot/dovecot.debug-20160309
Info: /var/log/dovecot/dovecot.debug-20160309
Warning: /var/log/dovecot/dovecot.log-20160309
Error: /var/log/dovecot/dovecot.log-20160309
Fatal: /var/log/dovecot/dovecot.log-20160309
</syntaxhighlight>
<syntaxhighlight lang=ini>
[DEFAULT]
dovecot_log = /var/log/dovecot/dovecot.log-*
exim_main_log = /var/log/exim/mainlog-*
</syntaxhighlight>
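The check below is an added example, not part of the original wiki page: it parses the paths-overrides.local values shown above and reports which log variables match no file, which is the failure that date-suffixed log names cause with an unsuffixed path. The function names, the `root` parameter and the sample file tree are assumptions made for the illustration.

```python
import configparser
import glob
import os
import tempfile

# The overrides from this page, embedded as sample input.
PATHS_OVERRIDES = """\
[DEFAULT]
dovecot_log = /var/log/dovecot/dovecot.log-*
exim_main_log = /var/log/exim/mainlog-*
"""

def resolve_log_globs(ini_text, root="/"):
    """Map each *_log variable in [DEFAULT] to the files its glob matches.

    root (hypothetical parameter) re-bases the absolute paths so the check
    can run against a test tree instead of the live /var/log.
    """
    # interpolation=None keeps any '%' in a value literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    result = {}
    for name, value in parser.defaults().items():
        if not name.endswith("_log"):
            continue
        matches = []
        # Split on whitespace so a multi-line value is handled too.
        for pattern in value.split():
            rebased = os.path.join(root, pattern.lstrip("/"))
            matches.extend(sorted(glob.glob(rebased)))
        result[name] = matches
    return result

def unmatched(ini_text, root="/"):
    """Names of log variables whose pattern matches no file under root."""
    found = resolve_log_globs(ini_text, root)
    return sorted(name for name, files in found.items() if not files)

def build_sample_tree(root):
    """Constructed sample: date-suffixed logs named as in the output above."""
    for rel in ("var/log/exim/mainlog-20160309",
                "var/log/dovecot/dovecot.log-20160309"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("globbed overrides, unmatched:", unmatched(PATHS_OVERRIDES, tmp))
        plain = "[DEFAULT]\nexim_main_log = /var/log/exim/mainlog\n"
        print("unsuffixed path, unmatched:", unmatched(plain, tmp))
```

On a real host, call `unmatched()` with the contents of your own paths-overrides.local and the default `root="/"`; any name it returns points at a log path that currently matches no file.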
===jail.local===
<syntaxhighlight lang=ini>
[DEFAULT]
bantime = 3600
[sshd]
enabled = true
[exim-spam]
enabled = true
[exim]
enabled = true
[sshd-ddos]
enabled = true
[dovecot]
enabled = true
[sieve]
enabled = true
</syntaxhighlight>