Fail2Ban basic rules

Discussion in 'Server Operation' started by albertf, Oct 4, 2019.

  1. albertf

    albertf Member

    I just setup Fail2Ban version 0.10.2
    I'm newbie, somebody can help with the rules that I have to setup in /etc/fail2ban/jail.d/jail.local
    (As recommended in the latest version I didn't touch anything in /etc/fail2ban/jail.conf)
    Code:
    # Provide customizations in a jail.local file or a jail.d/customisation.local.
    # For example to change the default bantime for all jails and to enable the
    # ssh-iptables jail the following (uncommented) would appear in the .local file.
    # See man 5 jail.conf for details.
    
    What should I add in /etc/fail2ban/jail.d/jail.local to prevent some attack with Apache, wordpress and so on...
    Now in /etc/fail2ban/jail.d/jail.local I have only this :
    Code:
    [DEFAULT]
    maxretry = 6
    findtime = 604800
    bantime  = 1209600
    destemail= [email protected]
    sender   = [email protected]
    action   = %(action_mwl)s
    mta      = sendmail
    ignoreip = 312.312.312.312 127.0.0.1
    
    [ssh]
    enabled  = true
    port     = 31262
    maxretry = 6
    This is enough ? how can I improve ?
    Thank to share your rules with Fail2Ban
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. albertf

    albertf Member

    I did it
    17 Install fail2ban and UFW Firewall
    Code:
    apt-get install fail2ban
    To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:
    Code:
    nano /etc/fail2ban/jail.local
    And add the following configuration to it.
    Code:
    [pure-ftpd]
    enabled = true
    port = ftp
    filter = pure-ftpd
    logpath = /var/log/syslog
    maxretry = 3
    
    [dovecot]
    enabled = true
    filter = dovecot
    logpath = /var/log/mail.log
    maxretry = 5
    
    [postfix-sasl]
    enabled = true
    port = smtp
    filter = postfix[mode=auth]
    logpath = /var/log/mail.log
    maxretry = 3
    I have done this above and now I have
    Code:
    /etc/init.d/fail2ban status
    ● fail2ban.service - Fail2Ban Service
       Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2019-09-26 23:32:59 CEST; 1 weeks 0 days ago
         Docs: man:fail2ban(1)
     Main PID: 514 (fail2ban-server)
        Tasks: 3 (limit: 2319)
       Memory: 16.8M
       CGroup: /system.slice/fail2ban.service
               └─514 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
    
    I was talking about "jail" which we can add in /etc/fail2ban/jail.d/jail.local
    [​IMG]
    That's wrong ?
    Should I add more rules directly in /etc/fail2ban/jail.local and not in /etc/fail2ban/jail.d/jail.local ?
    [​IMG]
     
    Last edited: Oct 4, 2019
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please see your first post, the jail.conf tells you to use /etc/fail2ban/jail.local and also the perfect server tutorial tells you to use that file.
     
  5. albertf

    albertf Member

    Ok I will do it and use only /etc/fail2ban/jail.local, thanks for your advices
    So I still have the same question ;)
    Exemple should I add
    Code:
    [DEFAULT]
    maxretry = 6
    findtime = 604800
    bantime  = 1209600
    destemail= [email protected]
    sender   = [email protected]
    action   = %(action_mwl)s
    mta      = sendmail
    ignoreip = 312.312.312.312 127.0.0.1
    
    [ssh]
    enabled  = true
    port     = 31262
    maxretry = 6
     

Share This Page