Fail2ban: Difference between revisions

From Q
Jump to navigation Jump to search
← Older edit
Tgurr (talk | contribs)
1,619 edits
No edit summary
Tgurr (talk | contribs)
1,619 edits
 
(3 intermediate revisions by the same user not shown)
Line 13: Line 13:
{{File|/etc/syslog-ng/syslog-ng.conf|
{{File|/etc/syslog-ng/syslog-ng.conf|
<pre>
<pre>
source src { system(); internal(); };
destination authlog { file("/var/log/auth.log"); };
destination authlog { file("/var/log/auth.log"); };
filter f_authpriv { facility(auth, authpriv); };
filter f_authpriv { facility(auth, authpriv); };
filter f_failed { match("failed"); };
log { source(src); filter(f_authpriv); destination(authlog); };
filter f_denied { match("denied"); };


log { source(src); filter(f_authpriv); destination(authlog); };
destination messages { file("/var/log/messages"); };
</pre>
</pre>
}}
}}
Line 29: Line 30:


== Fail2ban configuration (0.9.x) ==
== Fail2ban configuration (0.9.x) ==
Be sure to also enable the required Kernel options for [[Kernel#Fail2ban_.28iptables.29|iptables]].


=== Enable the sshd jails and fail2ban reporting via email ===
=== Enable the sshd jails and fail2ban reporting via email ===
Line 41: Line 44:


[sshd]
[sshd]
enabled = true
[sshd-ddos]
enabled = true
enabled = true
</pre>
</pre>

Latest revision as of 13:35, 20 May 2018

Installation

# emerge fail2ban
# /etc/init.d/iptables save
# rc-update add iptables default
# rc-update add fail2ban default

syslog-ng configuration

File: /etc/syslog-ng/syslog-ng.conf
source src { system(); internal(); };

destination authlog { file("/var/log/auth.log"); };
filter f_authpriv { facility(auth, authpriv); };
log { source(src); filter(f_authpriv); destination(authlog); };

destination messages { file("/var/log/messages"); };
# touch /var/log/auth.log
# chmod 600 /var/log/auth.log
# /etc/init.d/syslog-ng restart

Fail2ban configuration (0.9.x)

Be sure to also enable the required Kernel options for iptables.

Enable the sshd jails and fail2ban reporting via email

File: /etc/fail2ban/jail.local
[DEFAULT]
bantime = 86400
maxretry = 3
destemail = yourmail@domain.local
sender = fail2ban@hostname
action = %(action_mwl)s

[sshd]
enabled = true

Optional: Disable the new sqlite feature

File: /etc/fail2ban/fail2ban.local
[Definition]
dbfile = None

Optional: Set the sshd log file path (default is auth.log)

File: /etc/fail2ban/paths-overrides.local
[DEFAULT]
sshd_log = /var/log/sshd.log


# /etc/init.d/fail2ban start
Retrieved from "https://q-old.deltaquadrant.org/index.php?title=Fail2ban&oldid=4198"