linux:ubuntu:fail2ban

Differences

This shows you the differences between two versions of the page.

linux:ubuntu:fail2ban [2018/01/08 10:18] lunetikk
linux:ubuntu:fail2ban [2019/10/29 10:44] lunetikk
Line 31: Line 31:
 port     = 22 port     = 22
 filter   = sshd filter   = sshd
 +#action   = iptables[name=SSH, port=2022, protocol=tcp]
 +#           sendmail-whois-lines[name=SSH, dest="[email protected],[email protected]", [email protected], sendername="Fail2Ban", logpath=/var/log/auth.log]
 logpath  = /var/log/auth.log logpath  = /var/log/auth.log
 maxretry = 3 maxretry = 3
 +
 +[vsftpd]
 +
 +enabled  = true
 +port     = ftp,ftp-data,ftps,ftps-data
 +filter   = vsftpd
 +logpath  = /var/log/vsftpd.log
 +# or overwrite it in jails.local to be
 +# logpath = /var/log/auth.log
 +# if you want to rely on PAM failed login attempts
 +# vsftpd's failregex should match both of those formats
 +maxretry = 3
 +
 +
 +# To log wrong MySQL access attempts add to /etc/my.cnf:
 +# log-error=/var/log/mysqld.log
 +# log-warning = 2
 +[mysqld-auth]
 +
 +enabled  = true
 +filter   = mysqld-auth
 +port     = 3306
 +logpath  = /var/log/mysql/error.log
 +
 +[repeatoffender]
 +
 +enabled  = true
 +filter   = repeatoffender
 +action   = repeatoffender[name=repeatoffender]
 +           sendmail-whois[name=Repeat-Offender, [email protected], [email protected]]
 +logpath  = /var/log/fail2ban*
 +maxretry = 3
 +#findtime is 365 days
 +findtime = 31536000
 +bantime  = -1
 +
 +</code>
 +
 +===== Abusemails =====
 +
 +Click the following link for more info about abuse automatisation\\
 +[[linux:ubuntu:blocklist|Blocklist]]
 +
 +===== Commands =====
 +
 +==== Unban ====
 +
 +<code>
 +fail2ban-client set <JAIL> unbanip <IP>
 +#example
 +fail2ban-client set ssh unbanip 192.168.178.1 
 +</code>
 +
 +==== Ban ====
 +
 +<code>
 +fail2ban-client set <JAIL> banip <IP>
 +#example
 +fail2ban-client set ssh banip 192.168.178.1  
 </code> </code>
 +
 +==== Other ====
 +
 +Get a list of commands
 +<code>fail2ban-client --help</code>
 +
 +===== Troubleshooting =====
 +
 +==== IP gets banned everytime ====
 +
 +An IP listed in "ignoreip" still gets banned everytime you reload/restart/start your Fail2ban service.\\
 +
 +__Reason:__ \\
 +The IP was banned before you added it to "ignoreip"  \\
 +
 +__Fix:__ \\
 +The IP is added to the file "ip.blocklist.repeatoffender". \\
 +Open the file and remove the IP.
 +
 +
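Review bot: The commented-out action added under "filter = sshd" uses "iptables[name=SSH, port=2022, protocol=tcp]" while the jail itself sets "port = 22"; if someone uncomments it as written, the ban rule covers port 2022 and not the port the jail declares, so align the two values or note next to the line which port sshd really listens on. In [mysqld-auth] the comment tells the reader to set "log-error=/var/log/mysqld.log" but the jail reads "logpath = /var/log/mysql/error.log"; both should name the same file, otherwise the jail never sees a failed login. [repeatoffender] combines "bantime = -1" with a 365-day findtime, and the new Troubleshooting section shows the consequence (an address added to "ignoreip" afterwards stays in "ip.blocklist.repeatoffender"); a comment beside the jail saying that permanent bans must be removed from that file by hand, with the file's full path, would save the reader the detour.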
linux/ubuntu/fail2ban.txt · Last modified: 2019/10/29 10:45 by lunetikk