I just set up Fail2Ban version 0.10.2. I'm a newbie; can somebody help with the rules that I have to set up in /etc/fail2ban/jail.d/jail.local? (As recommended in the latest version, I didn't touch anything in /etc/fail2ban/jail.conf.)

Code:
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.

What should I add in /etc/fail2ban/jail.d/jail.local to prevent some attacks on Apache, WordPress and so on?

Now in /etc/fail2ban/jail.d/jail.local I have only this:

Code:
[DEFAULT]
maxretry = 6
findtime = 604800
bantime = 1209600
destemail= [email protected]
sender = [email protected]
action = %(action_mwl)s
mta = sendmail
ignoreip = 312.312.312.312 127.0.0.1

[ssh]
enabled = true
port = 31262
maxretry = 6

Is this enough? How can I improve it? Thanks for sharing your Fail2Ban rules.
I thought you run an ISPConfig server? Why did you not follow the ISPConfig Perfect server installation instructions and install the fail2ban rules as described in chapter 17? https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/
I did it:

17 Install fail2ban and UFW Firewall

Code:
apt-get install fail2ban

To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:

Code:
nano /etc/fail2ban/jail.local

And add the following configuration to it.

Code:
[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled = true
port = smtp
filter = postfix[mode=auth]
logpath = /var/log/mail.log
maxretry = 3

I have done this above and now I have

Code:
/etc/init.d/fail2ban status
● fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-09-26 23:32:59 CEST; 1 weeks 0 days ago
     Docs: man:fail2ban(1)
 Main PID: 514 (fail2ban-server)
    Tasks: 3 (limit: 2319)
   Memory: 16.8M
   CGroup: /system.slice/fail2ban.service
           └─514 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

I was talking about a "jail" which we can add in /etc/fail2ban/jail.d/jail.local. Is that wrong? Should I add more rules directly in /etc/fail2ban/jail.local and not in /etc/fail2ban/jail.d/jail.local?
Please see your first post: the jail.conf tells you to use /etc/fail2ban/jail.local, and the perfect server tutorial also tells you to use that file.
OK, I will do it and use only /etc/fail2ban/jail.local, thanks for your advice. So I still have the same question. For example, should I add:

Code:
[DEFAULT]
maxretry = 6
findtime = 604800
bantime = 1209600
destemail= [email protected]
sender = [email protected]
action = %(action_mwl)s
mta = sendmail
ignoreip = 312.312.312.312 127.0.0.1

[ssh]
enabled = true
port = 31262
maxretry = 6
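
An added example, not part of the thread and not Fail2Ban's own code: a small Python check that loads the settings posted above, resolves what the [ssh] jail inherits from [DEFAULT], and lists ignoreip entries that do not parse as an IP address or CIDR range. The function names are hypothetical, and it assumes time values are plain seconds, as in the post.

```python
import configparser
import ipaddress

# Settings copied from the jail.local posted in this thread (mail options omitted).
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
maxretry = 6
findtime = 604800
bantime = 1209600
action = %(action_mwl)s
ignoreip = 312.312.312.312 127.0.0.1

[ssh]
enabled = true
port = 31262
maxretry = 6
"""


def load_jails(text):
    """Return {jail: settings}, with [DEFAULT] values inherited by every jail."""
    # interpolation=None: action_mwl is not defined in this file, so keep it raw.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def bad_ignoreip(value):
    """Return ignoreip entries that are not a valid IP address or CIDR range."""
    bad = []
    for entry in value.replace(",", " ").split():
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad


def review(text):
    """Summarise each jail's effective ban policy for a quick sanity check."""
    report = {}
    for name, cfg in load_jails(text).items():
        report[name] = {
            "enabled": cfg.get("enabled", "false") == "true",
            "maxretry": int(cfg["maxretry"]),
            "findtime_days": int(cfg["findtime"]) / 86400,
            "bantime_days": int(cfg["bantime"]) / 86400,
            "bad_ignoreip": bad_ignoreip(cfg.get("ignoreip", "")),
        }
    return report


if __name__ == "__main__":
    for jail, summary in review(SAMPLE_JAIL_LOCAL).items():
        print(jail, summary)
```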