With which command in the terminal I can identify which services I should put in /var/log/fail2ban.log. I would like to identify, avoid entry attempts and ban ips or domains that try to log into services such as mysql, nextcloud, ssh, php, webmail, sasl and the other tutorials programs: - The Perfect Server - Debian 10 - Install NextCloud on Debian 10 Thank you
Debian 10 has logwatch which does log analysis and e-mails you summaries. Use something like that to see what kind of password guessing attempts are happening. Then read /etc/fail2ban/jail.conf and the filters in /etc/fail2ban/filter.d to see what kinds of jails are available and enable the ones you need. Do read the fail2ban documentation. On Debian enabling a jail happens by adding to /etc/fail2ban/jail.local the jail and enable line, like this: Code: [postfix-sasl] enabled = true