Alan Orth
0605f70f2e
This is active banning of IPs that are brute forcing login attempts to SSH, versus the passive banning of 10,000 abusive IPs from the abuseipdb.com blacklist. For now I am banning IPs that fail to log in successfully more than twelve times in a one-hour period, but these settings might change, and I can override them at the group and host level if needed. Currently this works for CentOS 7, Ubuntu 16.04, and Ubuntu 18.04, with minor differences in the systemd configuration due to older versions on some distributions. You can see the status of the jail like this: # fail2ban-client status sshd Status for the jail: sshd |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 1 |- Total banned: 1 `- Banned IP list: 106.13.112.20 You can unban IPs like this: # fail2ban-client set sshd unbanip 106.13.112.20
12 lines
312 B
Django/Jinja
12 lines
312 B
Django/Jinja
[sshd]
|
|
enabled = true
|
|
# See: /etc/fail2ban/filter.d/sshd.conf
|
|
filter = sshd
|
|
# Integrate with firewalld and ipsets
|
|
banaction = firewallcmd-ipset
|
|
backend = systemd
|
|
maxretry = {{ fail2ban_maxretry }}
|
|
findtime = {{ fail2ban_findtime }}
|
|
bantime = {{ fail2ban_bantime }}
|
|
ignoreip = {{ fail2ban_ignoreip }}
|