BrainwreckedTech: Made TOC float left and added description

2019-12-11T08:11:04Z

Made TOC float left and added description

← Older revision		Revision as of 04:11, 11 December 2019
Line 1:		Line 1:
			<div style="float:left; margin-right:0.5em; margin-bottom:0.5em;">__TOC__</div>

			Fail2ban protects computers from brute-force attacks like password guessing and exploit scanning. Fail2ban monitors the system's log files for malicious incoming activity. If detected, fail2ban can ban the IP, e-mail a notification, or any other arbitrary action. Note that fail2ban is weak against DDoS attacks since it identifies activity by IP address, unless the individual IPs involved happen to trigger fail2ban on their own.

	= Fail2Ban Setup =		= Fail2Ban Setup =

BrainwreckedTech: Created page.

2019-12-08T14:05:14Z

Created page.

New page

= Fail2Ban Setup =

== Main Configuration ==

{{hc|/etc/fail2ban/jail.local|2=
[DEFAULT]
bantime = 1d
destemail = root@bwt.com.de
sender = fail2ban@bwt.com.de
action = %(action_mwl)s
}}

== SSHD Configuration ==

{{hc|/etc/fail2ban/jail.d/sshd.local|2=
[sshd]
enabled = true
filter = sshd
banaction = iptables
backend = systemd
maxretry = 5
findtime = 1d
bantime = 2w
ignoreip = 127.0.0.1/8
}}

== Postfix-ISPmail Configuration ==

{{hc|/etc/fail2ban/jail.d/postfix-ispmail.local|2=
[postfix-ispmail]
enabled = true
filter = postfix
port = smtp,submission
banaction = iptables
backend = systemd
maxretry = 5
findtime = 1d
bantime = 2w
ignoreip = 192.99.246.231/32
}}

{{hc|/etc/fail2ban/filter.d/postfix-ispmail.conf|2=
<nowiki>[INCLUDES]
before = common.conf

[Definition]
_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
failregex = ^%(__prefix_line)slost connection after AUTH from \S+\[<HOST>\]$
ignoreregex =

[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service</nowiki>
}}

Fail2Ban - Revision history

BrainwreckedTech: Made TOC float left and added description

BrainwreckedTech: Created page.