Fail2ban: Difference between revisions
Revision as of 17:11, 19 March 2014
Installation
# emerge fail2ban
# /etc/init.d/iptables save
# rc-update add iptables default
# rc-update add fail2ban default
syslog-ng configuration
File: /etc/syslog-ng/syslog-ng.conf
destination authlog { file("/var/log/auth.log"); };
filter f_authpriv { facility(auth, authpriv); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };
log { source(src); filter(f_authpriv); destination(authlog); };
# touch /var/log/auth.log
# chmod 600 /var/log/auth.log
# /etc/init.d/syslog-ng restart
Fail2ban configuration (0.9.x)
Be sure to also enable the required Kernel options for iptables.
Enable the sshd jails and fail2ban reporting via email
File: /etc/fail2ban/jail.local
[DEFAULT]
bantime = 86400
maxretry = 3
destemail = yourmail@domain.local
sender = fail2ban@hostname
action = %(action_mwl)s

[sshd]
enabled = true

[sshd-ddos]
enabled = true
Optional: Disable the new sqlite feature
File: /etc/fail2ban/fail2ban.local
[Definition]
dbfile = None
Optional: Set the sshd log file path (default is auth.log)
File: /etc/fail2ban/paths-overrides.local
[DEFAULT]
sshd_log = /var/log/sshd.log
# /etc/init.d/fail2ban start