Differences

This shows you the differences between two versions of the page.

--- linux:ubuntu:fail2ban [2018/01/08 11:30] – lunetikk
+++ linux:ubuntu:fail2ban [2019/10/29 10:45] (current) – lunetikk
@@ Line 31: / Line 31: @@
 port     = 22
 filter   = sshd
+#action   = iptables[name=SSH, port=2022, protocol=tcp]
+#           sendmail-whois-lines[name=SSH, dest="[email protected],[email protected]", [email protected], sendername="Fail2Ban", logpath=/var/log/auth.log]
 logpath  = /var/log/auth.log
 maxretry = 3
+[vsftpd]
+enabled  = true
+port     = ftp,ftp-data,ftps,ftps-data
+filter   = vsftpd
+logpath  = /var/log/vsftpd.log
+# or overwrite it in jails.local to be
+# logpath = /var/log/auth.log
+# if you want to rely on PAM failed login attempts
+# vsftpd's failregex should match both of those formats
+maxretry = 3
+# To log wrong MySQL access attempts add to /etc/my.cnf:
+# log-error=/var/log/mysqld.log
+# log-warning = 2
+[mysqld-auth]
+enabled  = true
+filter   = mysqld-auth
+port     = 3306
+logpath  = /var/log/mysql/error.log
+[repeatoffender]
+enabled  = true
+filter   = repeatoffender
+action   = repeatoffender[name=repeatoffender]
+           sendmail-whois[name=Repeat-Offender, [email protected], [email protected]]
+logpath  = /var/log/fail2ban*
+maxretry = 3
+#findtime is 365 days
+findtime = 31536000
+bantime  = -1
 </code>
+===== Abusemails =====
+Click the following link for more info about abuse automatisation\\
+[[linux:ubuntu:blocklist|Blocklist]]
 ===== Commands =====
@@ Line 57: / Line 100: @@
 Get a list of commands
 <code>fail2ban-client --help</code>
+===== Troubleshooting =====
+==== IP gets banned everytime ====
+An IP listed in "ignoreip" still gets banned everytime you reload/restart/start your Fail2ban service.\\
+__Reason:__ \\
+The IP was banned before you added it to "ignoreip"  \\
+__Fix:__ \\
+The IP is added to the file "ip.blocklist.repeatoffender". \\
+Open the file and remove the IP.

Lunetikk's IT Wiki

User Tools

Site Tools

Differences

Page Tools