From 7ddfd97d333a48a03dd70b0de49da0bf8f5d6adb Mon Sep 17 00:00:00 2001 From: Karsten Date: Mon, 23 Nov 2015 12:53:50 +0100 Subject: [PATCH] Update README.md --- README.md | 41 +++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index e16f10d..a026bd0 100644 --- a/README.md +++ b/README.md @@ -8,15 +8,9 @@ To get more power out of fail2ban you can combine it with http://blocklist.de ## New jail for fail2ban ``` [ssh-blocklist] - -enabled = true -port = ssh -filter = blocklist -logpath = /var/log/blocklist.log -maxretry = 1 -bantime = 86400 -action = %(action_)s +... ``` +see [jail.local](jail.local) * Monitor ssh port and uses the filter blocklist with the logfile blocklist.log. * All found IPs will be blocked after 1 attempt for 1 day. @@ -26,29 +20,28 @@ action = %(action_)s # Fail2Ban configuration file [Definition] - -# Option: failregex -# Notes.: regex to match the password failures messages in the logfile. The -# host must be matched by a group named "host". The tag "" can -# be used for standard IP/hostname matching and is only an alias for -# (?:::f{4,6}:)?(?P[\w\-.^_]+) -# Values: TEXT -# -failregex = ^ *: *$ - -# Option: ignoreregex -# Notes.: regex to ignore. If this regex matches, the line is ignored. -# Values: TEXT -# -ignoreregex = +... ``` +see [blocklist.conf](blocklist.conf) ## Get the IPs ``` -run blocklist.de-update.sh from Terminal +./blocklist.de-update.sh ``` +run [blocklist.de-update.sh](blocklist.de-update.sh) from Terminal ## Restart service ``` service fail2ban restart ``` + +## Cron job +Call the script each hour to fetch the last IP list for SSH +``` +0 * * * * $PATH_TO_FILE$/blocklist.de-update.sh ssh 3600 +``` + +## Monitoring +``` +tail -f /var/log/auth.log /var/log/fail2ban.log +```