
Network: fail2ban

Fail2ban is very important, as it detects brute-force intrusion attempts and prevents attackers from accessing the system.

Here are some brief notes on how to set up and use fail2ban.

Nothing more than a working firewall and fail2ban itself is needed.

zypper install fail2ban

Most of the work should already be done by fail2ban or by your distribution, for example the detailed setup of the rules.

So in my case, for a small setup, it was enough to extend the file /etc/fail2ban/jail.local:

# Do all your modifications to the jail's configuration in jail.local!
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 ::1 192.168.178.0/24
# "bantime" is the number of seconds that a host is banned.
bantime  = 48h
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 4h
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

[sshd]
enabled = true
port    = ssh
filter  = sshd

This already enables the sshd jail.
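To see how the ignoreip, findtime, maxretry and bantime values above interact, here is a simplified Python model run over constructed sshd log lines. It is an added example, not fail2ban's own code; the log line format, the single failure pattern and the function name simulate are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local on this page.
IGNOREIP = [ipaddress.ip_network(n, strict=False)
            for n in ("127.0.0.1/8", "::1", "192.168.178.0/24")]
FINDTIME, BANTIME, MAXRETRY = timedelta(hours=4), timedelta(hours=48), 3

# Assumption: one simplified failure pattern; the real sshd filter matches many more.
FAIL_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
2024-10-17T08:00:00 srv sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
2024-10-17T08:00:05 srv sshd[102]: Failed password for root from 198.51.100.20 port 40002 ssh2
2024-10-17T08:10:00 srv sshd[103]: Failed password for bob from 192.168.178.50 port 40003 ssh2
2024-10-17T08:10:05 srv sshd[104]: Failed password for bob from 192.168.178.50 port 40004 ssh2
2024-10-17T08:10:09 srv sshd[105]: Failed password for bob from 192.168.178.50 port 40005 ssh2
2024-10-17T09:30:00 srv sshd[106]: Failed password for admin from 203.0.113.7 port 40006 ssh2
2024-10-17T10:00:00 srv sshd[107]: Failed password for root from 198.51.100.20 port 40007 ssh2
2024-10-17T11:45:00 srv sshd[108]: Failed password for test from 203.0.113.7 port 40008 ssh2
2024-10-17T12:30:00 srv sshd[109]: Failed password for root from 198.51.100.20 port 40009 ssh2
"""

def simulate(log_text):
    """Return {ip: (banned_at, banned_until)} for hosts reaching maxretry within findtime."""
    failures, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: failures from these hosts never count
        if str(ip) in bans and ts < bans[str(ip)][1]:
            continue  # still banned, nothing more to count
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[str(ip)] = (ts, ts + BANTIME)
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned {start} until {end}")
```

In the sample, 203.0.113.7 is banned on its third failure, 192.168.178.50 is skipped because of ignoreip, and 198.51.100.20 stays unbanned because its failures are spread over more than findtime.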

For an overview: fail2ban-client status
Or for a single service (called a jail): fail2ban-client status sshd

This will show all banned IPs.

  • Last modified: 2024/10/17 11:33
  • by Daniel