Fail2ban: Difference between revisions

From Lolly's Wiki
m (Text replacement - "[[Kategorie:" to "[[Category:")
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Kategorie:Security]]
[[Category:Security]]
[[Kategorie:Linux]]
[[Category:Linux]]


==Installation==
==Installation==
===Debian / Ubuntu===
===Debian / Ubuntu===
<source lang=bash>
<syntaxhighlight lang=bash>
# apt-get install fail2ban
# apt-get install fail2ban
</source>
</syntaxhighlight>


==Configuration==
==Configuration==
Line 13: Line 13:
===paths-overrides.local===
===paths-overrides.local===
I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs.
I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs.
<source lang=bash>
<syntaxhighlight lang=bash>
# exim -bP log_file_path
# exim -bP log_file_path
log_file_path = /var/log/exim/%slog-%D
log_file_path = /var/log/exim/%slog-%D
Line 24: Line 24:
Error: /var/log/dovecot/dovecot.log-20160309
Error: /var/log/dovecot/dovecot.log-20160309
Fatal: /var/log/dovecot/dovecot.log-20160309
Fatal: /var/log/dovecot/dovecot.log-20160309
</source>
</syntaxhighlight>


<source lang=ini>
<syntaxhighlight lang=ini>
[DEFAULT]
[DEFAULT]


Line 32: Line 32:


exim_main_log = /var/log/exim/mainlog-*
exim_main_log = /var/log/exim/mainlog-*
</source>
</syntaxhighlight>


===jail.local===
===jail.local===
<source lang=ini>
<syntaxhighlight lang=ini>
[DEFAULT]
[DEFAULT]
bantime = 3600
bantime = 3600
Line 56: Line 56:
[sieve]
[sieve]
enabled  = true
enabled  = true
</source>
</syntaxhighlight>

Latest revision as of 23:55, 25 November 2021


Installation

Debian / Ubuntu

# apt-get install fail2ban

Configuration

To keep your settings safe across updates, put them in the *.local files. Update procedures will not overwrite these files.

paths-overrides.local

I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs.

# exim -bP log_file_path
log_file_path = /var/log/exim/%slog-%D

# doveadm log find
Looking for log files from /var/log
Debug: /var/log/dovecot/dovecot.debug-20160309
Info: /var/log/dovecot/dovecot.debug-20160309
Warning: /var/log/dovecot/dovecot.log-20160309
Error: /var/log/dovecot/dovecot.log-20160309
Fatal: /var/log/dovecot/dovecot.log-20160309

[DEFAULT]

dovecot_log = /var/log/dovecot/dovecot.log-*

exim_main_log = /var/log/exim/mainlog-*
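
The mapping used above, as an added example (not part of the original wiki page): it turns the template printed by `exim -bP log_file_path` into the glob for paths-overrides.local and counts the files that glob currently matches. The function names and the temporary sample files are constructed for illustration; paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the wiki page.
# exim expands %s to the log kind (main, reject, panic) and
# %D / %M to a date stamp (yyyymmdd / yyyymm); the date part becomes "*".

exim_log_glob() {
    # $1 = template as printed by `exim -bP log_file_path`
    # $2 = log kind, e.g. main
    printf '%s\n' "$1" | sed -e "s/%s/$2/g" -e 's/%[DM]/*/g'
}

count_matches() {
    # $1 = glob; prints how many existing regular files it matches.
    n=0
    for f in $1; do        # unquoted on purpose so the shell expands the glob
        if [ -f "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

demo() {
    # Constructed sample files following the page's date-stamped naming.
    d=$(mktemp -d)
    touch "$d/mainlog-20160308" "$d/mainlog-20160309" "$d/rejectlog-20160309"
    g=$(exim_log_glob "$d/%slog-%D" main)
    echo "exim_main_log = $g"
    echo "files matched: $(count_matches "$g")"
    rm -rf "$d"
}

demo
```

A count of 0 means the pattern matches no log file, so the value in paths-overrides.local needs correcting before the jail is enabled.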

jail.local

[DEFAULT]
bantime = 3600

[sshd]
enabled = true

[exim-spam]
enabled = true

[exim]
enabled = true

[sshd-ddos]
enabled  = true

[dovecot]
enabled  = true

[sieve]
enabled  = true