Fail2Ban (Debian)

Aus MattWiki

Anleitung für Einrichtung von Fail2Ban in Debian.

Installation

apt-get install fail2ban

Konfiguration

Für die Anpassung der Regeln eine neue Datei Namens jail.local nach dem Vorbild von jail.conf anlegen, z. B.:

touch /etc/fail2ban/jail.local

Inhalt

[ssh]

enabled  = true
port     = 22
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 100


Unban

With Fail2Ban before v0.8.8: fail2ban-client get YOURJAILNAMEHERE actionunban IPADDRESSHERE

With Fail2Ban v0.8.8 and later: fail2ban-client set YOURJAILNAMEHERE unbanip IPADDRESSHERE.

The hard part is finding the right jail:

   Use iptables -L -n to find the rule name...
   ...then use fail2ban-client status to get the actual jail names. The rule name and jail name may not be the same but it should be clear which one is related to which.