fail2ban
f2b is a system that blocks access to the server based on scanning diagnostic (log) messages. If many failed login attempts from the same IP address occur within a given time window, access to the server is completely disabled for a while.
Enable sshd
/etc/fail2ban/jail.local
```ini
[DEFAULT]
bantime = 1h

[sshd]
enabled = true
```
Recursive blocking
Recursive blocking means that repeat “offenders” are blocked for ever longer periods. Example configuration:
/etc/fail2ban/filter.d/f2b-loop.conf
```ini
# Fail2Ban configuration file for subsequent bans
#
[INCLUDES]
before = common.conf

[Definition]
failregex = \]\s+Ban\s+<HOST>
ignoreregex = \[f2b-loop.*\]\s+Ban\s+<HOST>
#
# Author: Walter Heitman Jr. http://blog.shanock.com
```
/etc/fail2ban/jail.local
```ini
# Repeat offenders!
[f2b-loop2]
enabled = true
filter = f2b-loop
bantime = 86400 ; 1 day
findtime = 604800 ; 1 week
logpath = /var/log/fail2ban.log
maxretry = 3

[f2b-loop3]
enabled = true
filter = f2b-loop
bantime = 604800 ; 1 week
findtime = 2592000 ; 1 month
logpath = /var/log/fail2ban.log
maxretry = 3

[f2b-loop4]
enabled = true
filter = f2b-loop
bantime = 2592000 ; 1 month
findtime = 15552000 ; 6 months
logpath = /var/log/fail2ban.log
maxretry = 6

[f2b-loop5]
enabled = true
filter = f2b-loop
#bantime = 15552000 ; 6 months
bantime = -1 ; permaban
findtime = 31536000 ; 1 year
logpath = /var/log/fail2ban.log
maxretry = 9
```
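The following is an added example, not part of the original page or of fail2ban itself: it applies the f2b-loop `failregex` and `ignoreregex` to a constructed excerpt of `fail2ban.log` and reports which loop jails would reach `maxretry` inside their `findtime`. It assumes `<HOST>` can be approximated by an IPv4 pattern and evaluates the windows at one point in time rather than as a stream; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumption: <HOST> is approximated by an IPv4 group; fail2ban's own
# substitution also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(r"\]\s+Ban\s+" + HOST)
IGNOREREGEX = re.compile(r"\[f2b-loop.*\]\s+Ban\s+" + HOST)

# (jail, findtime in seconds, maxretry) copied from the jail.local above.
TIERS = [
    ("f2b-loop2", 604800, 3),
    ("f2b-loop3", 2592000, 3),
    ("f2b-loop4", 15552000, 6),
    ("f2b-loop5", 31536000, 9),
]

# Constructed sample of /var/log/fail2ban.log, not real log data.
SAMPLE_LOG = """\
2024-03-01 08:00:00,000 fail2ban.actions [911]: NOTICE [sshd] Ban 192.0.2.10
2024-03-01 09:00:00,000 fail2ban.actions [911]: NOTICE [sshd] Unban 192.0.2.10
2024-03-03 08:00:00,000 fail2ban.actions [911]: NOTICE [sshd] Ban 192.0.2.10
2024-03-05 08:00:00,000 fail2ban.actions [911]: NOTICE [sshd] Ban 192.0.2.10
2024-03-05 08:00:01,000 fail2ban.actions [911]: NOTICE [f2b-loop2] Ban 192.0.2.10
2024-03-06 08:00:00,000 fail2ban.actions [911]: NOTICE [sshd] Ban 198.51.100.7
"""

def ban_events(log_text):
    """Yield (timestamp, host) for lines the f2b-loop filter would count."""
    for line in log_text.splitlines():
        if IGNOREREGEX.search(line):
            continue  # bans issued by the loop jails must not feed themselves
        m = FAILREGEX.search(line)
        if m:  # "Unban" lines do not match: "Ban" must follow the whitespace
            ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("host")

def triggered_tiers(log_text, host, now):
    """Return the loop jails whose maxretry is reached within findtime."""
    times = [ts for ts, h in ban_events(log_text) if h == host]
    hit = []
    for jail, findtime, maxretry in TIERS:
        window_start = now - timedelta(seconds=findtime)
        if sum(1 for ts in times if ts >= window_start) >= maxretry:
            hit.append(jail)
    return hit
```

With the constructed log, 192.0.2.10 reaches both f2b-loop2 and f2b-loop3, because three bans inside one week are also three bans inside one month and both jails use `maxretry = 3`.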