Libre Things » security http://positon.org Tue, 23 Feb 2016 20:01:11 +0000 en-US hourly 1 http://wordpress.org/?v=3.7.1 Fail2ban http://positon.org/fail2ban http://positon.org/fail2ban#comments Mon, 03 Aug 2009 13:20:00 +0000 http://positon.org:81/?p=58 If you discover lots of ssh connection tries in your /var/log/auth.log (bots testing users/passwords), you have to do something.

The simpler is to use an IP restriction rule in your iptables firewall, or in /etc/hosts.deny

If you don’t want or can’t use this restriction, use Fail2ban:

aptitude install fail2ban

The default install blocks SSH connection tries.

You can tune the config a bit or activate Fail2ban for other services. Example:

vi /etc/fail2ban/jail.conf
bantime  = 86400
maxretry = 10 # pour ssh
enabled  = true # pour vsftpd
maxretry = 10 # pour vsftpd

Then, the iptables -L command gives you all banned IP addresses.

]]> http://positon.org/fail2ban/feed