Fail2ban

Daemon to ban hosts that cause multiple authentication errors.

CentOS 8

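Install

Note: the firewalld start/enable commands below only work once the firewalld package is installed. On a host where it is missing, run the dnf install commands first, so that stopping iptables does not leave the machine without a packet filter.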

$ sudo service iptables stop
$ sudo systemctl start firewalld
$ sudo systemctl enable firewalld.service
$ sudo dnf install epel-release
$ sudo dnf install firewalld
$ sudo dnf install fail2ban

Configure

$ sudo cp /etc/fail2ban/jail.{conf,local}
$ sudo vim /etc/fail2ban/jail.local
[DEFAULT]
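# Placeholder value: replace with your own trusted address(es). Hosts matched by
# ignoreip are never banned, so keep the range as narrow as possible.
ignoreip = 1.2.3.4/24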
bantime  = 1d
findtime  = 1h
maxretry = 5
banaction = firewallcmd-ipset

[sshd]
enabled = true

[nginx-botsearch]
enabled = true
filter = nginx-botsearch
logpath = /var/log/nginx/error.log
          /var/log/nginx/aaa.error.log
          /var/log/nginx/bbb.error.log
          /var/log/nginx/ccc.error.log

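# Alternative form of the same jail, using a glob instead of listing each log file.
# Keep only one [nginx-botsearch] section in jail.local.
[nginx-botsearch]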
enabled = true
filter = nginx-botsearch
logpath = /var/log/nginx/*error.log
$ sudo systemctl start fail2ban
$ sudo systemctl enable fail2ban
$ sudo systemctl status fail2ban
$ sudo fail2ban-client version
$ sudo tail -f /var/log/fail2ban.log
$ fail2ban-client -h
$ sudo fail2ban-client status
$ sudo fail2ban-client status sshd

$ sudo fail2ban-client set sshd unbanip 23.34.45.56
$ sudo fail2ban-client set sshd banip 23.34.45.56
Nginx filters that can be enabled as jails in the same way:
nginx-botsearch
nginx-http-auth
nginx-limit-req