This shows you the differences between two versions of the page.
computing:fail2ban [2019/11/03 04:25] – oemb1905 | computing:fail2ban [2024/12/13 16:22] (current) – oemb1905
Line 3: | Line 3: | ||
* **Jonathan Haack** | * **Jonathan Haack** | ||
* **Haack' | * **Haack' | ||
- | * **oemb1905@jonathanhaack.com** | + | * **oemb1905@jonathanhaack.com** |
------------------------------------------- | ------------------------------------------- | ||
Line 21: | Line 21: | ||
<action = %(action_mwl)s> | <action = %(action_mwl)s> | ||
- | If you attempt to log in via ssh and fail within any 4 hour period 4 different times, then you are immediately blocked. | + | If you attempt to log in via ssh and fail within any 4 hour period 4 different times, then you are immediately blocked |
[DEFAULT] | [DEFAULT] | ||
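Review bot: the full stop at the end of "then you are immediately blocked" was dropped in the new revision; restore it so the sentence is complete before the [DEFAULT] block. The "any 4 hour period" claim also depends on a findtime setting in [DEFAULT] that is not visible in this hunk (only maxretry = 4 is shown at Line 28), so it is worth confirming the prose and the value still agree.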
Line 28: | Line 28: | ||
maxretry = 4 | maxretry = 4 | ||
- | The recidive filter below states that the last 3 weeks will be reviewed and if the ip address in question was banned | + | TheIf over the last 3 weeks the ip address in question was banned |
[recidive] | [recidive] | ||
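Review bot: the rewritten sentence begins "TheIf over the last 3 weeks", a leftover "The" from the old opening "The recidive filter below states that..."; drop the stray word so it reads "If over the last 3 weeks the ip address in question was banned". In both revisions the sentence also stops at "banned" without saying what happens next, so the consequence (the longer recidive ban) should be stated before the [recidive] block.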
Line 36: | Line 36: | ||
bantime | bantime | ||
findtime = 3w | findtime = 3w | ||
- | maxretry = 1 | + | maxretry = 2 |
In order for this to work, the database purge parameter needs to be adjusted to be greater than or equal to what you specify for the find time in recidive. | In order for this to work, the database purge parameter needs to be adjusted to be greater than or equal to what you specify for the find time in recidive. | ||
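Review bot: raising maxretry from 1 to 2 in [recidive] means a host must now be banned twice within findtime = 3w before the recidive ban applies, but the description above still reads as if one earlier ban is enough; update the prose to match the new value. The closing sentence is the right caveat: with findtime = 3w the database purge age must be 3w or longer, otherwise the earlier bans are purged before recidive can count them and the jail never fires.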
Line 58: | Line 58: | ||
sudo fail2ban-client status | sudo fail2ban-client status | ||
- | Hope this helps! | + | Hope this helps! Oh yeah ... here is how to remove a false positive! |
- | --- //[[oemb1905@jonathanhaack.com|oemb1905]] | + | fail2ban-client set ssh unbanip 10.xx.15x.12x |
+ | fail2ban-client unban --all | ||
+ | |||
+ | Another method that does more than individual services, and instead zaps all records: | ||
+ | |||
+ | sudo systemctl stop fail2ban | ||
+ | sudo truncate -s 0 / | ||
+ | sudo rm / | ||
+ | sudo systemctl restart fail2ban | ||
+ | |||
+ | Systemd log issues. Change the sshd jail as follows | ||
+ | |||
+ | sudo nano / | ||
+ | backend = systemd | ||
+ | #backend = %(sshd_backend)s | ||
+ | |||
+ | Some recommend adding backend = systemd into jail.conf, but I've found that does nothing. The error over ipv6 not being set and using auto can be removed as follows: | ||
+ | |||
+ | sudo nano / | ||
+ | ' | ||
+ | |||
+ | --- //[[alerts@haacksnetworking.org|oemb1905]] |
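Review bot: the "zaps all records" block is unsafe as shown: the `sudo truncate -s 0 /` and `sudo rm /` lines have lost their file arguments, so as written the rm points at the root directory; the fail2ban log and database paths must be spelled out in full before anyone copies these commands. Two smaller points in the same hunk: `fail2ban-client set ssh unbanip 10.xx.15x.12x` names a jail "ssh" while the rest of the page configures the sshd jail, so the jail name should match the one in jail.local (and both unban lines are missing the sudo that `sudo fail2ban-client status` above uses); and the two `sudo nano /` lines plus the bare `'` line under the systemd and ipv6 notes have also lost their paths and the setting to add, so a reader cannot tell which file to edit or what line clears the ipv6 "auto" warning.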