This version (2024/10/17 11:34) was approved by Daniel.

Network: fail2ban

Fail2ban is very important, as it detects brute-force intrusion attempts and prevents attackers from accessing the system.

Here are some brief notes on how to set up and use fail2ban.

Nothing more than a working firewall and fail2ban itself is needed.

zypper install fail2ban

Most of the work should already be done by fail2ban or by your distribution, for example setting up the rules in detail.

So in my case for a small setup, it was enough to extend the file /etc/fail2ban/jail.local:

# Do all your modifications to the jail's configuration in jail.local!
[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 ::1 192.168.178.0/24
# "bantime" is the number of seconds that a host is banned.
bantime  = 48h
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 4h
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

[sshd]
enabled = true
port    = ssh
filter  = sshd

This already enables the SSH jail.

For an overview: fail2ban-client status
Or for a single service (called a jail): fail2ban-client status sshd

This will show all banned IPs.
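
To see how ignoreip, findtime, maxretry and bantime from the jail.local above interact, here is a small simulation over constructed log lines. It is an added example, not fail2ban's own code: the log format, the single-pattern regex and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values copied from the jail.local above.
IGNOREIP = [ipaddress.ip_network(n, strict=False)
            for n in ("127.0.0.1/8", "::1", "192.168.178.0/24")]
BANTIME, FINDTIME, MAXRETRY = timedelta(hours=48), timedelta(hours=4), 3

# Simplified stand-in for the sshd filter (assumption): one failure pattern.
FAILURE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port")

# Constructed sample log lines (documentation addresses, ISO timestamps).
SAMPLE_LOG = """\
2024-10-17T08:00:00 sshd[1001]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-10-17T09:30:00 sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 50140 ssh2
2024-10-17T09:31:00 sshd[1003]: Failed password for root from 192.168.178.20 port 40000 ssh2
2024-10-17T09:32:00 sshd[1004]: Failed password for root from 192.168.178.20 port 40001 ssh2
2024-10-17T09:33:00 sshd[1005]: Failed password for root from 192.168.178.20 port 40002 ssh2
2024-10-17T10:00:00 sshd[1006]: Failed password for root from 198.51.100.9 port 33000 ssh2
2024-10-17T11:45:00 sshd[1007]: Failed password for root from 203.0.113.7 port 50166 ssh2
2024-10-17T15:00:00 sshd[1008]: Failed password for root from 198.51.100.9 port 33010 ssh2
2024-10-17T19:30:00 sshd[1009]: Failed password for root from 198.51.100.9 port 33020 ssh2
""".splitlines()

def is_ignored(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in IGNOREIP)

def simulate(lines):
    """Return {ip: (banned_at, unban_at)} under the settings above."""
    failures = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in lines:
        m = FAILURE.match(line)
        if not m or is_ignored(m.group(2)):
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned, nothing to count
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans
```

In the sample, the LAN host in 192.168.178.0/24 is never banned despite three failures because it matches ignoreip, and failures more than findtime apart are not counted together.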

  • Last modified: 2024/10/17 11:34
  • by Daniel