This is an old revision of the document!
sudo vim /etc/fail2ban/jail.local
Fail2Ban
Scans log files and check for in appropriate password activities and update and uses firewall (IPTables) to restrict (stop for a period of time) these activities. So fail2ban limits incorrect authorisation attempts, thereby reducing, but not entirely eliminating associated risks and bandwidths. It is primarily used on port and associated services open to the public. DigitalOcean How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04 and How Fail2Ban Works to Protect Services on a Linux Server. Also see the wiki of Fail2Ban on nftables and Fail2ban Add support for nftables #1118 and Add nftables actions #1292.
sudo apt install fail2ban
to install fail2bansudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
copy the main configuration file to a local file to be modified. It is recommended not to change the main file as it is updated with the package.sudo vim /etc/fail2ban/jail.local
and adjust the following basic settings:ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24
bantime = 60m
findtime = 60m
maxretry = 4
- then adjust each jail to be activated:
[postfix] # To use another modes set filter parameter "mode" in jail.local: enable = true mode = more bantime = 12h port = smtp,465,submission logpath = %(postfix_log)s backend = %(postfix_backend)s
[postfix-sasl] enabled = true bantime = 12h filter = postfix[mode=auth] port = smtp,465,submission,imap,imaps,pop3,pop3s # You might consider monitoring /var/log/mail.warn instead if you are # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. logpath = %(postfix_log)s backend = %(postfix_backend)s
sudo systemctl restart fail2ban
sudo systemctl restart fail2ban
orjournalctl -u fail2ban -xe
to check fail2ban start correctlysudo iptables -S
to check iptable