Fail2ban

From Lolly's Wiki


Installation

Debian / Ubuntu

# apt-get install fail2ban

Configuration

To keep your personal settings safe across updates, put them in the *.local files; update procedures will not overwrite them.

paths-overrides.local

I have date parts in my logfiles so the defaults from fail2ban would fail to find the logs.

# exim -bP log_file_path
log_file_path = /var/log/exim/%slog-%D

# doveadm log find
Looking for log files from /var/log
Debug: /var/log/dovecot/dovecot.debug-20160309
Info: /var/log/dovecot/dovecot.debug-20160309
Warning: /var/log/dovecot/dovecot.log-20160309
Error: /var/log/dovecot/dovecot.log-20160309
Fatal: /var/log/dovecot/dovecot.log-20160309

[DEFAULT]

dovecot_log = /var/log/dovecot/dovecot.log-*

exim_main_log = /var/log/exim/mainlog-*
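An added example (not part of the original wiki page): a check that every glob in paths-overrides.local matches at least one log file, since a jail whose log path matches nothing will not start. It also goes one step beyond the page by deriving the glob from exim's log_file_path template; the function names, the `root` parameter and the log tree are assumptions constructed for this sketch.

```python
import configparser
import glob
import os
import tempfile

# Constructed sample: the [DEFAULT] overrides shown above.
SAMPLE_OVERRIDES = """\
[DEFAULT]
dovecot_log = /var/log/dovecot/dovecot.log-*
exim_main_log = /var/log/exim/mainlog-*
"""


def exim_template_to_glob(template, kind="main"):
    """Turn exim's log_file_path template into a glob for one log kind.

    %s is the log kind (main/reject/panic); %D (yyyymmdd) and %M (yyyymm)
    are date stamps, so they become '*'.
    """
    return template.replace("%s", kind).replace("%D", "*").replace("%M", "*")


def check_overrides(ini_text, root="/"):
    """Return {variable: [matching files]} for every path in [DEFAULT].

    root (hypothetical helper parameter) lets the check run against a
    test tree instead of the live filesystem.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    result = {}
    for name, pattern in cp.defaults().items():
        rooted = os.path.join(root, pattern.lstrip("/"))
        result[name] = sorted(glob.glob(rooted))
    return result


def demo():
    """Build a constructed log tree in which only the exim log exists."""
    with tempfile.TemporaryDirectory() as root:
        exim_dir = os.path.join(root, "var/log/exim")
        os.makedirs(exim_dir)
        open(os.path.join(exim_dir, "mainlog-20160309"), "w").close()
        found = check_overrides(SAMPLE_OVERRIDES, root)
        return {k: [os.path.basename(p) for p in v] for k, v in found.items()}


if __name__ == "__main__":
    for name, files in demo().items():
        print(name, "OK" if files else "NO MATCH", files)
```

On a real host, call `check_overrides()` with the contents of your own paths-overrides.local and the default `root="/"`.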

jail.local

[DEFAULT]
bantime = 3600

[sshd]
enabled = true

[exim-spam]
enabled = true

[exim]
enabled = true

[sshd-ddos]
enabled  = true

[dovecot]
enabled  = true

[sieve]
enabled  = true