Abrar Hossain asked:
I am new to fail2ban. I want to set up Fail2Ban such that it bans an IP for one hour on two failed login attempts. I have the following setup:
/etc/fail2ban/jail.local.conf

[DEFAULT]
bantime = 3600
maxretry = 2
backend = systemd
usedns = warn
mode = normal
destemail = <MYEMAIL>
sender = <MYSENDER>
protocol = tcp
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
...
# Choose default action. To change, just override value of 'action' with
# the interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_mw)s

[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s

[selinux-ssh]
port = ssh
logpath = %(auditd_log)s

systemctl status fail2ban.service I see the service is up. My assumption is it is using the jail.local.conf file. There are no errors reported. I don’t have iptables installed. Is that necessary? If so, how do I set it up with my existing fail2ban setup?

Your file has the wrong name. fail2ban will read a file named
jail.local.conf. Rename the file and restart fail2ban.
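
An added example, not part of the original answer: a shell check that lists jail files fail2ban skips because of their name, plus a helper that prints the limits a running jail actually uses. It relies on the load order documented in jail.conf(5) (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local); the function names and the /etc/fail2ban default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# Documented load order, jail.conf(5):
#   jail.conf, jail.d/*.conf, jail.local, jail.d/*.local
# Anything else that merely looks like a jail file is silently skipped,
# so the service starts cleanly while the intended limits never apply.

# Print jail-looking files under a config dir that fail2ban will NOT load.
ignored_jail_files() {
    dir=${1:-/etc/fail2ban}   # assumed default location

    # Top level: only the exact names jail.conf and jail.local are read.
    for f in "$dir"/jail*; do
        [ -f "$f" ] || continue          # skips jail.d and unmatched globs
        case "${f##*/}" in
            jail.conf|jail.local) ;;     # loaded
            *) printf '%s\n' "$f" ;;     # e.g. jail.local.conf, jail.local.bak
        esac
    done

    # jail.d: only names ending in .conf or .local are read.
    for f in "$dir"/jail.d/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *.conf|*.local) ;;           # loaded
            *) printf '%s\n' "$f" ;;     # e.g. sshd.local.disabled
        esac
    done
}

# Print the values a running jail uses, to confirm an override took effect.
# Needs root and a running fail2ban server.
effective_limits() {
    jail=${1:-sshd}
    for key in bantime maxretry; do
        printf '%s %s = %s\n' "$jail" "$key" \
            "$(fail2ban-client get "$jail" "$key")"
    done
}
```

Run ignored_jail_files with no argument to check /etc/fail2ban. After renaming the file and restarting the service, effective_limits sshd should report the bantime and maxretry set in the override.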
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.