howto: leap 42.3 and fail2ban usage in most simple way


cagsm
Hello list.
Newbie with fail2ban, used to work with denyhosts. Leap 42.3 x64 and
just fetched in the fail2ban packages

> sudo zypper in fail2ban SuSEfirewall2-fail2ban monitoring-plugins-fail2ban


now I have the /etc/fail2ban/jail.local
file there, and to my understanding all I put in there is these two lines
for sshd ban testing:

> [sshd]
> enabled = true


That's all right? And then execute the fail2ban-client script with e.g.
> /usr/bin/fail2ban-client status
> /usr/bin/fail2ban-client start

etc. It now displays one jail, the sshd jail I guess.

Any more stuff or howtos and all for me to start with sshd protection?
sshd config gracelogin and noroot and stuff is obviously present for a long time
thanks for all the hints.

TY

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Re: howto: leap 42.3 and fail2ban usage in most simple way

Peter Suetterlin-2
cagsm wrote:

> Hello list.
> Newbie with fail2ban, used to work with denyhosts. Leap 42.3 x64 and
> just fetched in the fail2ban packages
>
> > sudo zypper in fail2ban SuSEfirewall2-fail2ban monitoring-plugins-fail2ban
>
>
> now I have the /etc/fail2ban/jail.local
> file there, and to my understanding all I put in there is these two lines
> for sshd ban testing:
>
> > [sshd]
> > enabled = true
>
>
> That's all right?

Yes, for basic setup.  

> and then execute the fail2ban-client script with e.g.
> > /usr/bin/fail2ban-client status
> > /usr/bin/fail2ban-client start

You'd probably rather
systemctl enable fail2ban
systemctl start fail2ban

> Any more stuff or howtos and all for me to start with sshd protection?

You can tweak the defaults (like bantime and number of retries), and what I
found helpful was
http://blog.shanock.com/fail2ban-increased-ban-times-for-repeat-offenders/

to set up a nested layout that increases bantime for repeated attackers.
(probably mostly interesting for servers with long uptime)

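
A minimal /etc/fail2ban/jail.local along the lines discussed in this thread, as an added example that is not from either poster or from the linked blog post: it tunes the defaults mentioned in the reply and enables the recidive jail that ships with fail2ban as one way to give repeat offenders a longer ban. All numeric values and the ignoreip address are assumptions chosen for illustration.

```ini
# /etc/fail2ban/jail.local  (added example; values are illustrative assumptions)
# Settings here override the packaged jail.conf, which should stay unedited.

[DEFAULT]
# Never ban these sources. 192.0.2.10 is a constructed placeholder
# (documentation address range); replace it with your own admin host.
ignoreip = 127.0.0.1/8 192.0.2.10

# Ban for 1 hour after 5 failures seen within 10 minutes (all in seconds).
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
# The two lines from the original post; filter and log source come from
# the defaults in jail.conf.
enabled = true

[recidive]
# Watches fail2ban's own log for hosts that were already banned by
# another jail and bans them again for much longer.
enabled  = true
# 3 bans within 1 day lead to a 1 week ban.
findtime = 86400
maxretry = 3
bantime  = 604800
```

After restarting the service, `fail2ban-client status` should list both jails and `fail2ban-client status sshd` shows the current failure and ban counts. For recidive to see old bans, dbpurgeage in fail2ban.conf (or fail2ban.local) must not be shorter than the recidive findtime, and the fail2ban loglevel should not be set to DEBUG.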