Make Fail2ban with blocklist.de better
Idea from http://wiki.kvs1.de/doku.php?id=pimp-fail2ban-with-blocklist.de
Most admins use http://www.fail2ban.org/ to protect their servers. To get more out of fail2ban, you can combine it with http://blocklist.de
New jail for fail2ban
[ssh-blocklist]
...
see jail.local
- Monitors the ssh port and uses the filter blocklist with the logfile blocklist.log.
- All found IPs will be blocked after 1 attempt for 1 day.
New filter for fail2ban
# Fail2Ban configuration file
[Definition]
...
see blocklist.conf
Get the IPs
./blocklist.de-update.sh
Run blocklist.de-update.sh from a terminal.
Restart service
service fail2ban restart
Cron job
Call the script every hour to fetch the latest IP list for SSH:
0 * * * * $PATH_TO_FILE$/blocklist.de-update.sh ssh 3600
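Because the jail bans every listed address after a single match, the downloaded list is worth filtering before its entries reach blocklist.log. The shell functions below are an added example, not code from this repository; they assume one IPv4 address per line on stdin, and the names valid_ipv4, never_ban, sanitize_blocklist and ALLOWLIST are hypothetical.

```shell
# Added example, not part of the repository: filter an untrusted IP list.
# Assumptions: one IPv4 address per line on stdin; ALLOWLIST is a hypothetical
# space-separated variable naming addresses that must never be banned.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;   # leading zero or more than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# never_ban ADDR: succeed for private, loopback, link-local, multicast,
# reserved and allowlisted addresses
never_ban() {
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        22[4-9].*|2[3-5][0-9].*) return 0 ;;
    esac
    for own in ${ALLOWLIST:-}; do
        if [ "$1" = "$own" ]; then return 0; fi
    done
    return 1
}

# sanitize_blocklist: stdin -> accepted addresses, unique, one per line;
# rejected input is reported by line number only, never echoed back
sanitize_blocklist() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '\r')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line" && ! never_ban "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected input line %d\n' "$n" >&2
        fi
    done | sort -u
}
```

Set ALLOWLIST to your own management addresses and pipe the downloaded list through sanitize_blocklist; fail2ban's ignoreip setting in the jail remains a second safeguard against banning yourself.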
Monitoring
tail -f /var/log/auth.log /var/log/fail2ban.log
Check banned IPs on Linux
Use grep as follows to check whether the IP address 1.2.3.4 is blocked (-F matches the dots literally and -w keeps 11.2.3.4 or 1.2.3.40 from matching):
iptables -L INPUT -v -n | grep -wF "1.2.3.4"