[opensuse] howot: leap 42.3 and fail2ban usage in most simple way
Hello list. Newbie with fail2ban, used to work with denyhosts. Leap 42.3 x64 and just fetched in the fail2ban packages
sudo zypper in fail2ban SuSEfirewall2-fail2ban monitoring-plugins-fail2ban
now I have the /etc/fail2ban/jail.local file there, and to my understand all I put in there is these two lines for sshd ban testing:
[sshd] enabled = true
That's all right? and then execute the fail2ban-client script with e.g.
/usr/bin/fail2ban-client status /usr/bin/fail2ban-client start
etc.. It now displays one jail, the sshd jail I guess. Any more stuff or howtos and all for me to start with sshd protection? sshd config gracelogin and noroot and stuff is obviously present for a long time thanks for all the hints. TY -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
cagsm wrote:
Hello list. Newbie with fail2ban, used to work with denyhosts. Leap 42.3 x64 and just fetched in the fail2ban packages
sudo zypper in fail2ban SuSEfirewall2-fail2ban monitoring-plugins-fail2ban
now I have the /etc/fail2ban/jail.local file there, and to my understand all I put in there is these two lines for sshd ban testing:
[sshd] enabled = true
That's all right?
Yes, for basic setup.
and then execute the fail2ban-client script with e.g. /usr/bin/fail2ban-client status /usr/bin/fail2ban-client start
You'd probably rather systemctl enable fail2ban systemctl start fail2ban
Any more stuff or howtos and all for me to start with sshd protection?
You can tweak the defaults (like bantime and number of retries), and what I found helpful was http://blog.shanock.com/fail2ban-increased-ban-times-for-repeat-offenders/ to set up a nested layout that increases bantime for repeated attackers. (probably mostly interesting for servers with long uptime) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (2)
-
cagsm -
Peter Suetterlin