Fail2ban: Difference between revisions
m (Text replacement - "<source" to "<syntaxhighlight") |
Line 4: | Line 4: | ||
==Installation== | ==Installation== | ||
===Debian / Ubuntu=== | ===Debian / Ubuntu=== | ||
< | <syntaxhighlight lang=bash> | ||
# apt-get install fail2ban | # apt-get install fail2ban | ||
</source> | </source> | ||
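Review bot: the closing tag on the last line of this hunk is still `</source>` while the opening line now reads `<syntaxhighlight lang=bash>`, so the block is opened by one tag and closed by another. The replacement pattern `<source` cannot match `</source>`; a second replacement of `</source>` with `</syntaxhighlight>` is needed so every block is closed by the tag that opened it.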
Line 13: | Line 13: | ||
===paths-overrides.local=== | ===paths-overrides.local=== | ||
I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs. | I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs. | ||
< | <syntaxhighlight lang=bash> | ||
# exim -bP log_file_path | # exim -bP log_file_path | ||
log_file_path = /var/log/exim/%slog-%D | log_file_path = /var/log/exim/%slog-%D | ||
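Review bot: the block opened with `<syntaxhighlight lang=bash>` in this hunk mixes root-prompt commands (`# exim -bP log_file_path`) with their output (`log_file_path = ...`), and a bash lexer reads a leading `#` as a comment. Since the tag is being rewritten anyway, consider a plain-text or session-style lexer for this block, or a different prompt prefix, so commands and output stay distinguishable.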
Line 26: | Line 26: | ||
</source> | </source> | ||
< | <syntaxhighlight lang=ini> | ||
[DEFAULT] | [DEFAULT] | ||
Line 35: | Line 35: | ||
===jail.local=== | ===jail.local=== | ||
< | <syntaxhighlight lang=ini> | ||
[DEFAULT] | [DEFAULT] | ||
bantime = 3600 | bantime = 3600 |
Revision as of 15:30, 25 November 2021
Kategorie:Security Kategorie:Linux
Installation
Debian / Ubuntu
<syntaxhighlight lang=bash>
# apt-get install fail2ban
</syntaxhighlight>
Configuration
To keep your settings safe across updates, put them in the *.local files. Update procedures will not overwrite these files.
paths-overrides.local
I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs.
<syntaxhighlight lang=bash>
# exim -bP log_file_path
log_file_path = /var/log/exim/%slog-%D
# doveadm log find
Looking for log files from /var/log
Debug: /var/log/dovecot/dovecot.debug-20160309
Info: /var/log/dovecot/dovecot.debug-20160309
Warning: /var/log/dovecot/dovecot.log-20160309
Error: /var/log/dovecot/dovecot.log-20160309
Fatal: /var/log/dovecot/dovecot.log-20160309
</syntaxhighlight>
<syntaxhighlight lang=ini>
[DEFAULT]
dovecot_log = /var/log/dovecot/dovecot.log-*
exim_main_log = /var/log/exim/mainlog-*
</syntaxhighlight>
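A check for the overrides above, as an added example (not part of the original wiki page and not fail2ban's own code): it reads the `[DEFAULT]` section and reports every `*_log` option whose glob matches no file, which is the situation the paragraph describes. The function names, the `root` parameter and the default file path are assumptions of this example.

```python
import configparser
import glob
import os

# Constructed sample: the [DEFAULT] section shown on this page.
SAMPLE_OVERRIDES = """\
[DEFAULT]
dovecot_log = /var/log/dovecot/dovecot.log-*
exim_main_log = /var/log/exim/mainlog-*
"""


def check_log_globs(ini_text, root="/"):
    """Map each *_log option in [DEFAULT] to the files its patterns match.

    root is prepended to every pattern so the check can be pointed at a
    copy of the log tree (hypothetical parameter of this example).
    """
    # interpolation=None: values are read raw; %(name)s references are not
    # expanded here and will simply show up as unmatched.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    results = {}
    for option, value in parser.defaults().items():
        if not option.endswith("_log"):
            continue
        matches = []
        # A value may list several patterns, one per line.
        for pattern in filter(None, map(str.strip, value.splitlines())):
            matches.extend(glob.glob(os.path.join(root, pattern.lstrip("/"))))
        results[option] = sorted(matches)
    return results


def unmatched(results):
    """Options whose patterns match no file at all."""
    return sorted(opt for opt, files in results.items() if not files)


if __name__ == "__main__":
    import sys
    # Assumed location; pass another path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/fail2ban/paths-overrides.local"
    with open(path) as fh:
        found = check_log_globs(fh.read())
    for opt, files in found.items():
        print(f"{opt}: {len(files)} file(s)")
    sys.exit(1 if unmatched(found) else 0)
```

Run it after log rotation changes or a package update; a non-zero exit status means at least one override points at nothing.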
jail.local
<syntaxhighlight lang=ini>
[DEFAULT]
# ban duration in seconds (one hour)
bantime = 3600

[sshd]
enabled = true

[exim-spam]
enabled = true

[exim]
enabled = true

[sshd-ddos]
enabled = true

[dovecot]
enabled = true

[sieve]
enabled = true
</syntaxhighlight>