cagsm wrote:
Hello list. Newbie with fail2ban, used to work with denyhosts. Leap 42.3 x64 and just fetched in the fail2ban packages
sudo zypper in fail2ban SuSEfirewall2-fail2ban monitoring-plugins-fail2ban
now I have the /etc/fail2ban/jail.local file there, and to my understand all I put in there is these two lines for sshd ban testing:
[sshd] enabled = true
That's all right?
Yes, for basic setup.
and then execute the fail2ban-client script with e.g. /usr/bin/fail2ban-client status /usr/bin/fail2ban-client start
You'd probably rather systemctl enable fail2ban systemctl start fail2ban
Any more stuff or howtos and all for me to start with sshd protection?
You can tweak the defaults (like bantime and number of retries), and what I found helpful was http://blog.shanock.com/fail2ban-increased-ban-times-for-repeat-offenders/ to set up a nested layout that increases bantime for repeated attackers. (probably mostly interesting for servers with long uptime) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org