Fail2ban

From Lolly's Wiki
Revision as of 16:30, 25 November 2021 by Lollypop (talk | contribs) (Text replacement - "<source" to "<syntaxhighlight")
Jump to navigationJump to search

Kategorie:Security Kategorie:Linux

Installation

Debian / Ubuntu

<syntaxhighlight lang=bash>

  1. apt-get install fail2ban

</source>

Configuration

To be secure on updates put your personal settings in the *.local files. This will protect them from overwriting through update procedures.

paths-overrides.local

I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs. <syntaxhighlight lang=bash>

  1. exim -bP log_file_path

log_file_path = /var/log/exim/%slog-%D

  1. doveadm log find

Looking for log files from /var/log Debug: /var/log/dovecot/dovecot.debug-20160309 Info: /var/log/dovecot/dovecot.debug-20160309 Warning: /var/log/dovecot/dovecot.log-20160309 Error: /var/log/dovecot/dovecot.log-20160309 Fatal: /var/log/dovecot/dovecot.log-20160309 </source>

<syntaxhighlight lang=ini> [DEFAULT]

dovecot_log = /var/log/dovecot/dovecot.log-*

exim_main_log = /var/log/exim/mainlog-* </source>

jail.local

<syntaxhighlight lang=ini> [DEFAULT] bantime = 3600

[sshd] enabled = true

[exim-spam] enabled = true

[exim] enabled = true

[sshd-ddos] enabled = true

[dovecot] enabled = true

[sieve] enabled = true </source>

Retrieved from "https://lars.timmann.de/wiki/index.php?title=Fail2ban&oldid=2239"