Fail2Ban (Debian)
Aus MattWiki
Anleitung für Einrichtung von Fail2Ban in Debian.
Installation
apt-get install fail2ban
Konfiguration
Für die Anpassung der Regeln eine neue Datei Namens jail.local nach dem Vorbild von jail.conf anlegen, z. B.:
touch /etc/fail2ban/jail.local
Inhalt
[ssh] enabled = true port = 22 filter = sshd logpath = /var/log/auth.log maxretry = 100
Unban
With Fail2Ban before v0.8.8: fail2ban-client get YOURJAILNAMEHERE actionunban IPADDRESSHERE
With Fail2Ban v0.8.8 and later: fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE.
The hard part is finding the right jail:
Use iptables -L -n to find the rule name... ...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same but it should be clear which one is related to which.