Need help with fail2ban configuration specs. Debian 10
by xmx from LinuxQuestions.org on (#6J9DZ)
Hi Everyone,
I have a Debian 10 server running on a VPS.
The only software I installed is tinyproxy (HTTP proxy) and fail2ban.
I am interested in banning all unauthorized login attempts, i.e. attempts to all ports.
I have included my specific settings in the jail.local file.
I believe my settings are correct for banning attempts to log in to SSH (although I am not sure about that), but I really want to ban unauthorized attempts to any port.
I have included my specific settings in the fail2ban.local file since I made one change there.
Many thanks!
xmx
===
=== Here are my entries in jail.local
===
<pre>
#
# JAILS
#
#
# SSH servers
#
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
enabled = true
mode = aggressive
port = 22
filter = sshd
logpath = /var/log/auth.log
bantime = 2000000
findtime = 7200
maxretry = 2
backend = %(sshd_backend)s
action = iptables-multiport[name=sshd, port="ssh", protocol=tcp]
</pre>
===
=== Here are my entries in fail2ban.local
===
<pre>
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 2100000
</pre>