Fail2ban
Taken from the official README:
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish.
Fail2ban should be installed on all servers.
If it is not installed, follow the directions for installing Fail2ban on Debian in the wiki page VPS_Setup_and_Configuration.
On all servers it should have at least the default configuration and SSH enabled.
File Structure
- Conf file (fail2ban.conf): Fail2Ban global configuration (such as logging)
- Filters (filter.d directory, filter.d/*.conf)
  - Filters specify how to detect authentication failures
- Actions (action.d/*.conf)
  - Actions define the commands for banning and unbanning an IP address
- Jails (jail.conf and the jail.d directory)
  - Jails define combinations of Filters with Actions
- Regular expressions are used for matching lines in log files
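How a filter regular expression and a jail's thresholds turn log lines into a ban decision, as an added example (a simplified model written for this page, not Fail2ban's own code). The log lines are constructed, the failregex is illustrative rather than the shipped sshd filter, and the `<HOST>` expansion is reduced to IPv4 for brevity.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth.log sample; addresses are from documentation-only ranges.
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 09:00:05 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar 10 09:00:09 web1 sshd[812]: Accepted publickey for deploy from 198.51.100.20 port 51515 ssh2
Mar 10 09:00:12 web1 sshd[813]: Failed password for root from 203.0.113.7 port 40050 ssh2
Mar 10 09:20:00 web1 sshd[820]: Failed password for root from 198.51.100.99 port 42000 ssh2
Mar 10 09:45:00 web1 sshd[821]: Failed password for root from 198.51.100.99 port 42001 ssh2
Mar 10 10:10:00 web1 sshd[822]: Failed password for root from 198.51.100.99 port 42002 ssh2
"""

# Filter: a failregex in the style of filter.d/*.conf; <HOST> marks the address to ban.
FAILREGEX = r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+"
# Assumption: simplified stand-in for Fail2ban's <HOST> expansion (IPv4 only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def compile_filter(failregex):
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))

def run_jail(log_text, failregex, maxretry=3, findtime=600, year=2024):
    """Return [(ban_time, ip)] for hosts with maxretry failures within findtime seconds."""
    pattern = compile_filter(failregex)
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    bans, banned = [], set()
    for line in log_text.splitlines():
        match = pattern.search(line)
        ip = match.group("host") if match else None
        if ip is None or ip in banned:
            continue  # not an authentication failure, or host already banned
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > window:  # forget failures older than findtime
            recent.popleft()
        if len(recent) >= maxretry:
            banned.add(ip)
            bans.append((ts, ip))  # a real jail would run its action's ban command here
    return bans

if __name__ == "__main__":
    for when, ip in run_jail(SAMPLE_LOG, FAILREGEX):
        print(f"{when:%b %d %H:%M:%S} ban {ip}")
```

With the defaults used here only 203.0.113.7 is banned: 198.51.100.99 also fails three times, but its failures are 25 minutes apart and never fall inside one `findtime` window.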
Updated by Manu Mei-Singh 29 days ago · 1 revisions