
Fail2ban

Fail2ban

Installation sur Debian 9

Version : 0.9.6

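# Install Fail2ban from the Debian repositories, then make sure the service
# is enabled at boot and running now.
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban

# Local overrides live in *.local files, which Fail2ban reads after the
# matching *.conf and which the package does not ship.
# The guards keep a second run from overwriting a .local file that has
# already been customised.
# NOTE(review): a full copy also pins every packaged default, so later
# changes shipped in jail.conf are shadowed; keeping only the modified
# settings in jail.local avoids that.
[ -e /etc/fail2ban/fail2ban.local ] || cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
[ -e /etc/fail2ban/jail.local ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local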

Changements effectués

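# Edit the local jail configuration. The copy made during installation is
# /etc/fail2ban/jail.local; a file at /etc/jail.local is never read.
vim /etc/fail2ban/jail.local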

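# NOTE(review): the section headers are not shown on the page. bantime through
# action look like [DEFAULT] settings and port like the [sshd] jail; confirm
# before pasting.

# Ban duration, in seconds (one hour).
bantime = 3600
# Window, in seconds, in which failures are counted (ten minutes).
findtime = 600
# Failures tolerated inside findtime before the address is banned.
maxretry = 3
# Recipient and sender used by the mail actions.
destemail = security@yishan.io
sender = fail2ban
# action_mwl: ban, then mail a report with whois data and the matching log
# lines to destemail.
action = %(action_mwl)s
# The SSH port was changed on this host, so it is added next to the standard
# one; replace numero_du_port_ssh with the real port number.
# Set this inside the [sshd] section: in [DEFAULT] it would become the port
# list of every jail that does not define its own.
port = ssh,numero_du_port_ssh

# Jails switched to "enabled = true" (kept as a comment: an indented
# free-text line would be read as a continuation of the value above):
#   sshd, sshd-ddos, apache-auth, apache-badbots, apache-botsearch,
#   apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript,
#   apache-overflows, apache-shellshock, courier-auth, courier-smtp, dovecot,
#   mysqld-auth, postfix, postfix-rbl, postfix-sasl, recidive, sendmail-auth,
#   sendmail-reject
# NOTE(review): enable only the jails whose service runs on the host; a jail
# whose log file does not exist may keep Fail2ban from starting.

# Custom jails
# With the stock "filter = %(__name__)s" default, this jail loads
# filter.d/wordpress.conf.
[wordpress]
port = http,https
logpath = /var/log/apache2/wp_access.log
enabled = true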

Ajout des filtres dans /etc/fail2ban/filter.d/

# Create the filter file; its base name (wordpress) matches the [wordpress]
# jail name.
vim /etc/fail2ban/filter.d/wordpress.conf

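# Fail2Ban filter for WordPress
#
# Counts POST requests to wp-login.php that were answered with status 200.
# NOTE(review): presumably a failed login (a successful one is normally
# answered with a redirect); confirm against wp_access.log.

[Definition]

# The timestamp is deliberately not spelled out: Fail2ban detects the date on
# its own, and a hand-written timestamp that reuses one capture group (\1) for
# hour, minute and second, or accepts only a "-" UTC offset, matches almost no
# real log line.
# "^" ties <HOST> to the start of the line and [^"]* keeps the match on the
# first quoted field (the request line), so text carried in the referer or
# user agent cannot supply the address that gets banned.
# HTTP/[^"]* accepts any protocol version, not only HTTP/1.1.
# Check against real log lines before enabling the jail:
#   fail2ban-regex /var/log/apache2/wp_access.log /etc/fail2ban/filter.d/wordpress.conf
failregex = ^<HOST> -[^"]*"POST /wp-login\.php[^"]* HTTP/[^"]*" 200\b

ignoreregex =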

Vérification du statut des jails

# Overall status: the list of jails currently loaded.
fail2ban-client status
# Detail for one jail (failure and ban counters, banned addresses);
# replace <jail> with a jail name, e.g. sshd or wordpress.
fail2ban-client status <jail>