Fail2Ban¶
Intrusion Prevention System.
Installation¶
# Debian/Ubuntu package; it ships the stock defaults in /etc/fail2ban/jail.conf.
sudo apt install fail2ban
Grundkonfiguration¶
# jail.local overrides the packaged jail.conf and is not replaced by package upgrades,
# so local settings belong here rather than in jail.conf.
sudo nano /etc/fail2ban/jail.local
# Values in [DEFAULT] are inherited by every jail unless the jail overrides them.
[DEFAULT]
# Ban duration in seconds (3600 = 1 hour).
bantime = 3600
# Window in seconds in which failures are counted (600 = 10 minutes).
findtime = 600
# Number of failures within findtime that triggers a ban.
maxretry = 3
# Read events from the systemd journal. According to the stock jail.conf, logpath is
# not valid for this backend, so jails whose service only writes to a log file need
# their own "backend = auto" (or another file backend).
backend = systemd
# Recipient and sender of the notification mails sent by the action below.
destemail = admin@example.com
sender = fail2ban@example.com
# Mail program used by the mail actions; a working local MTA is required.
mta = sendmail
# Parameters passed to the ban action (firewall protocol and chain).
protocol = tcp
chain = INPUT
# action_mwl is defined in the stock jail.conf: ban, then mail a whois report and the
# matching log lines to destemail. NOTE(review): those log lines can contain user names
# and client details; use action_ (ban only) if no mail should leave the host.
action = %(action_mwl)s
# NOTE(review): no ignoreip is set. To avoid locking yourself out, consider listing
# trusted management addresses, e.g. (placeholder, replace with your own address):
# ignoreip = 127.0.0.1/8 ::1 <ADMIN_IP>
SSH-Jail¶
# Bans clients that repeatedly fail SSH authentication.
[sshd]
enabled = true
# Port(s) blocked for a banned address. "ssh" resolves to 22; adjust this if sshd
# listens on a different port, otherwise the ban does not cover the real port.
port = ssh
filter = sshd
# NOTE(review): with "backend = systemd" inherited from [DEFAULT] the journal is read
# and this path is presumably not used; it only matters with a file backend, and the
# file must then exist (it is absent on systems without rsyslog).
logpath = /var/log/auth.log
# Same values as [DEFAULT]; repeated here so the jail can be tuned on its own.
maxretry = 3
bantime = 3600
Nginx-Jails¶
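# Bans clients that repeatedly fail HTTP basic authentication in nginx.
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
# nginx writes its error log to a file by default, so this jail must not inherit
# "backend = systemd" from [DEFAULT]: with the journal backend logpath is not read and
# the jail would never see a failure. "auto" selects a file-based backend.
# Remove this override only if nginx is configured to log to the journal.
backend = auto
logpath = /var/log/nginx/error.log
# Failures within findtime before a ban, and ban duration in seconds.
maxretry = 3
bantime = 3600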
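# Bans clients that keep exceeding an nginx limit_req zone. The filter only matches
# if rate limiting (limit_req) is configured in nginx and rejections are logged to
# error.log.
[nginx-limit-req]
enabled = true
filter = nginx-limit-req
# nginx writes its error log to a file by default, so this jail must not inherit
# "backend = systemd" from [DEFAULT]: with the journal backend logpath is not read and
# the jail would never see a rejection. "auto" selects a file-based backend.
# Remove this override only if nginx is configured to log to the journal.
backend = auto
logpath = /var/log/nginx/error.log
# Failures within findtime before a ban, and ban duration in seconds.
maxretry = 3
bantime = 3600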
Postfix-Jails¶
# Bans clients rejected by Postfix (the postfix filter decides what counts as a failure).
[postfix]
enabled = true
filter = postfix
# NOTE(review): with "backend = systemd" inherited from [DEFAULT] this path is
# presumably not used. Verify with "fail2ban-client status postfix" that failures are
# actually counted; if Postfix only logs to this file, add "backend = auto" here.
logpath = /var/log/mail.log
# Slightly more tolerant than the other jails: 5 failures within findtime.
maxretry = 5
# Ban duration in seconds.
bantime = 3600
# NOTE(review): no port is set, so the default from the stock jail.conf applies.
# Bans clients that repeatedly fail SMTP AUTH (SASL) against Postfix.
[sasl]
enabled = true
# NOTE(review): newer fail2ban releases ship this as jail [postfix-sasl] with
# "filter = postfix[mode=auth]" and may no longer include a separate postfix-sasl
# filter. Check that /etc/fail2ban/filter.d/postfix-sasl.conf exists on your version;
# a jail that references a missing filter prevents fail2ban from starting.
filter = postfix-sasl
# NOTE(review): presumably not used while "backend = systemd" is inherited from
# [DEFAULT]; see the backend setting there.
logpath = /var/log/mail.log
# Failures within findtime before a ban, and ban duration in seconds.
maxretry = 3
bantime = 3600
Service starten¶
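# Validate the configuration before restarting: a syntax error, a missing filter or a
# missing log file keeps fail2ban from starting, which leaves the host without bans.
# (-t / --test is available in fail2ban 0.10 and later.)
sudo fail2ban-client -t
# Load the new jail.local.
sudo systemctl restart fail2ban
# Start fail2ban automatically at boot.
sudo systemctl enable fail2ban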
Status prüfen¶
# List the jails that are currently running; every jail enabled in jail.local should
# appear here.
sudo fail2ban-client status
# Show failure counters and currently banned addresses for one jail.
# A wrongly banned address can be released with:
#   sudo fail2ban-client set sshd unbanip <IP>
sudo fail2ban-client status sshd