Fail2Ban
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.
When you install PTSguide, fail2ban is installed by default. The basic settings are created automatically, and the service runs with default settings.
This section only tells you a little more about fail2ban and some settings for optimizing your fail2ban service.
PLEASE be careful!!! If you ban your own IP, you must wait 24h to rejoin the server.
// only for EXPERTS
- cd /etc/fail2ban/
- cp jail.conf backup.jail.conf
- nano jail.conf
Please ONLY change this! Scroll down to these settings:
"bantime" is the number of seconds that a host is banned.
**bantime = 86400m**
A host is banned if it has generated "maxretry" during the last "findtime" seconds.
**findtime = 36000m**
"maxretry" is the number of failures before a host gets banned.
**maxretry = 3**
Please ONLY change this!
Short info:
bantime = how long an IP stays banned
findtime = the time window in which failures from an IP are counted
maxretry = maximum retries before banning the IP
- CTRL + X (then Y)
- /etc/init.d/fail2ban restart
- cd /var/log/
- tail -f fail2ban.log
PLEASE be careful!!! If you ban your own IP, you must wait 24h to rejoin the server.
// only for EXPERTS
- cd /etc/fail2ban/
- cp jail.conf backup.jail.conf
- nano jail.conf
Please ONLY change this! Scroll down to these settings:
* "bantime" is the number of seconds that a host is banned.
bantime = 172800m
* A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 86400m
* "maxretry" is the number of failures before a host gets banned.
maxretry = 3
Please ONLY change this!
- CTRL + X (then Y)
- /etc/init.d/fail2ban restart
- cd /var/log/
- tail -f fail2ban.log
PLEASE be careful!!! If you ban your own IP, you must wait 24h to rejoin the server.
// only for EXPERTS
- cd /etc/fail2ban/
- cp jail.conf backup.jail.conf
- nano jail.conf
Please ONLY change this! Scroll down to these settings:
* "bantime" is the number of seconds that a host is banned.
bantime = 604800m
* A host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 172800m
* "maxretry" is the number of failures before a host gets banned.
maxretry = 2
Please ONLY change this!
- CTRL + X (then Y)
- /etc/init.d/fail2ban restart
- cd /var/log/
- tail -f fail2ban.log
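How fail2ban reads the bantime and findtime values in the three variants above, as an added example that is not part of the original wiki or of fail2ban's own code. Assumption: fail2ban 0.10 or later, whose time abbreviation format treats a bare integer as seconds and a trailing `m` as minutes; the parser is a simplified sketch limited to the single-letter units s, m, h, d and w, and `to_seconds`, `describe` and `audit` are names made up for this example.

```python
import re

# Seconds per unit. Simplified: single-letter suffixes only; no suffix means seconds.
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TOKEN = re.compile(r"(\d+)\s*([a-z]*)", re.IGNORECASE)

# bantime/findtime pairs exactly as written in the three jail.conf variants above.
PAGE_SETTINGS = [("86400m", "36000m"), ("172800m", "86400m"), ("604800m", "172800m")]

def to_seconds(value):
    """Convert a setting such as '600', '10m' or '1d 12h' to seconds."""
    text = value.strip()
    total, pos = 0, 0
    for match in TOKEN.finditer(text):
        if text[pos:match.start()].strip():
            raise ValueError(f"unexpected text in {value!r}")
        unit = match.group(2).lower()
        if unit not in UNIT_SECONDS:
            raise ValueError(f"unsupported unit {unit!r} in {value!r}")
        total += int(match.group(1)) * UNIT_SECONDS[unit]
        pos = match.end()
    if pos == 0 or text[pos:].strip():
        raise ValueError(f"cannot parse {value!r}")
    return total

def describe(seconds):
    """Render seconds as days, hours and minutes for a quick sanity check."""
    days, rest = divmod(seconds, 86400)
    hours, rest = divmod(rest, 3600)
    return f"{days}d {hours}h {rest // 60}m"

def audit(settings=PAGE_SETTINGS):
    """Compare each value as written with the same number read as plain seconds."""
    rows = []
    for bantime, findtime in settings:
        rows.append({
            "bantime": bantime,
            "ban_as_written": describe(to_seconds(bantime)),
            "ban_as_seconds": describe(to_seconds(bantime.rstrip("m"))),
            "findtime": findtime,
            "find_as_written": describe(to_seconds(findtime)),
            "find_as_seconds": describe(to_seconds(findtime.rstrip("m"))),
        })
    return rows

if __name__ == "__main__":
    for row in audit():
        print(row)
```

After the restart, `fail2ban-client get sshd bantime` shows the number of seconds the server actually applied to the sshd jail.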
With Fail2Ban v0.8.8 and later:
fail2ban-client set sshd unbanip IPADDRESSHERE
- log in over a secondary IP (not the banned IP)
- fail2ban-client status (normally PTSGuide uses this one: sshd)
- cat /var/log/fail2ban.log
- find the IP -> right side are
- copy the IP if you want to unban it!!! (own risk)
- fail2ban-client set sshd unbanip IPADDRESSHERE
- try to log in!
- if it failed
- go back to step 2.)
- be careful which IP you want to UNBAN!!