fail2ban

Installation

sudo apt-get install fail2ban python-gamin iptables

Discussion

fail2ban scans log files and bans IPs that cause too many failures.

After installation, fail2ban protects only against failed ssh authentication attempts. To cover other services such as apache, create the file /etc/fail2ban/jail.local and use it to override sections of /etc/fail2ban/jail.conf or to add new sections. For example:

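[DEFAULT]
# Hosts and networks that are never banned. A network needs its real prefix
# length: 92.82.72.0/8 would exempt every address in 92.0.0.0/8.
ignoreip = 127.0.0.1 192.168.1.44 92.82.72.0/24
# Count failures over the last 86400 seconds (24 hours)
findtime = 86400
# Ban after 2 failures within findtime
maxretry = 2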

[apache]
enabled = true
maxretry = 2

[apache-noscript]
enabled = true
maxretry = 2

[apache-overflows]
enabled = true

[apache-badbots]
enabled = true
port    = http,https
filter  = apache-badbots
bantime = 86400
logpath = /var/log/apache*/*access.log
maxretry = 2

[ssh]
maxretry = 2

[ssh-ddos]
enabled = true
maxretry = 2

After changing jail.local, run sudo fail2ban-client reload. NOTE: running /etc/init.d/fail2ban restart will NOT reload config settings.

You can run fail2ban-client status to see which jails are active and fail2ban-client status <JAIL> to see the status of that jail.
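
Before reloading, a jail.local can be checked offline for ignoreip entries whose mask is wider than intended and for the maxretry/findtime each enabled jail inherits from [DEFAULT]. The Python below is an added example, not part of the original page; the sample config, the function names and the /16 review threshold are assumptions, and jail.conf is not merged in.

```python
import configparser
import ipaddress
import re

# Constructed sample (RFC 5737 documentation addresses, not the page's values).
SAMPLE = """
[DEFAULT]
ignoreip = 127.0.0.1 192.0.2.44 198.51.100.0/8
findtime = 86400
maxretry = 2
[apache]
enabled = true
[ssh-ddos]
enabled = true
maxretry = 5
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def audit_ignoreip(value, min_prefix=16):
    """Return (entry, problem) pairs; min_prefix is an assumed review threshold."""
    findings = []
    for entry in filter(None, re.split(r"[\s,]+", value)):
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            continue  # DNS names are not checked here
        net = iface.network
        if iface.ip != net.network_address:
            findings.append((entry, f"host bits set, mask covers {net}"))
        if net.version == 4 and net.prefixlen < min_prefix:
            findings.append((entry, f"exempts {net.num_addresses} addresses"))
    return findings

def effective_jails(cp):
    """Map each enabled jail to (maxretry, findtime), inheriting [DEFAULT]."""
    return {name: (sec.getint("maxretry"), sec.getint("findtime"))
            for name, sec in cp.items()
            if name != "DEFAULT" and sec.getboolean("enabled", fallback=False)}

if __name__ == "__main__":
    cp = load(SAMPLE)
    for entry, problem in audit_ignoreip(cp["DEFAULT"].get("ignoreip", "")):
        print(f"ignoreip {entry}: {problem}")
    for jail, (maxretry, findtime) in effective_jails(cp).items():
        print(f"{jail}: ban after {maxretry} failures within {findtime}s")
```

To check a real file, pass its contents to load(); jails that are enabled only in jail.conf will not appear in the result.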


First created Jul 30 2011 ~ Last revised December 21, 2011
