Last active
March 8, 2016 17:31
-
-
Save hugsbrugs/a66e7eaa102a1e266014 to your computer and use it in GitHub Desktop.
Memo Linux fail2ban
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[DEFAULT] | |
ignoreip = 127.0.0.1/8 YOUR_IP | |
banaction = ufw | |
bantime = 1800 | |
destemail = your.name@mail.com | |
sendername = Fail2Ban | |
action = %(action_mwl)s | |
[sshd] | |
enabled = true | |
#banaction = ufw[application=OpenSSH, port=ssh, protocol=tcp] | |
# Get 'OpenSSH' from command : sudo ufw app list | |
banaction = ufw[application=OpenSSH] | |
# Not needed if rule has same name as filter (sshd) | |
#filter = sshd | |
bantime = 86400 | |
findtime = 300 | |
maxretry = 2 | |
port = ssh | |
#logpath = /var/log/auth.log | |
[apache-auth] | |
enabled = true | |
log_path = /var/log/apache2/*error.log | |
/var/www/logs/*error_log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# service | |
sudo service fail2ban status | |
sudo service fail2ban start | |
sudo service fail2ban stop | |
# Reload config | |
sudo fail2ban-client reload | |
# Check running services | |
sudo fail2ban-client status | |
# Check specific service (sshd, apache-auth ...) | |
sudo fail2ban-client status <service> | |
# Ping fail2ban server | |
sudo fail2ban-client ping | |
# Server status | |
sudo fail2ban-server status | |
# Reload server | |
sudo fail2ban-server reload | |
# Debug config | |
sudo fail2ban-client -v -d | |
# Logs | |
sudo tail -f /var/log/fail2ban.log | |
# Run filter again log file to test rules | |
sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf | |
# Manually ban/unbad IP from service (sshd, apache-auth ...) | |
sudo fail2ban-client set <service> banip 111.111.111.111 | |
sudo fail2ban-client set <service> unbanip 111.111.111.111 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment