scriptos/fail2ban-with-blocklist.de
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7 Commits 1 Branch 0 Tags
212cad47ca74b8b47ece01def73481a7fdc8df98
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Karsten 212cad47ca Update README.md
2015-11-23 12:46:48 +01:00
blocklist.conf
Create blocklist.conf
2015-11-23 11:01:36 +01:00
blocklist.de-update.sh
Create blocklist.de-update.sh
2015-11-23 11:00:11 +01:00
jail.local
Update jail.local
2015-11-23 12:27:42 +01:00
README.md
Update README.md
2015-11-23 12:46:48 +01:00

README.md

Make Fail2ban with blocklist.de better

Idea from http://wiki.kvs1.de/doku.php?id=pimp-fail2ban-with-blocklist.de

Most admins have http://www.fail2ban.org/ in use to protect their servers. To get more power out of fail2ban you can combine it with http://blocklist.de

New jail for fail2ban

[ssh-blocklist]
 
enabled  = true
port     = ssh
filter   = blocklist
logpath  = /var/log/blocklist.log
maxretry = 1
bantime  = 86400
action   = %(action_)s
  • Monitor ssh port and uses the filter blocklist with the logfile blocklist.log.
  • All found IPs will be blocked after 1 attempt for 1 day.

New filter for fail2ban

# Fail2Ban configuration file
 
[Definition]
 
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^ *: *<HOST>$
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

Get the IPs

run blocklist.de-update.sh from Terminal

Restart service

service fail2ban restart
Reference in New Issue View Git Blame Copy Permalink
Description
fail2ban with blocklist.de
Readme 34 KiB
Languages
Shell 100%