Fail2ban
by fakie_flip from LinuxQuestions.org on (#4XQ4M)
How much overhead is there for leaving fail2ban to check for a lot of services that I do not have installed and web apps that I do not have in Apache? Is it best to leave all of those uncommented out in jail.conf? I thought I was not supposed to edit that file. Commenting them out in jail.local won't disable them.
The guide I am following is for Ubuntu, and I am running CentOS 7. So that is probably why it says that by default only sshd in Fail2ban is enabled, and for me, it seems at least 20 types or more are enabled by default in my jail.conf file.
So if I do edit the jail.conf to comment out a lot of unneeded checks, when fail2ban is upgraded by my distro, it will overwrite that file, and I will need to do it each time.
What is the best course of action?

