fail2ban
fail2ban is installed on cerf, postel and taylor to monitor and ban repeated failed login attempts, i.e. attempts to log in as root and as random users to gain access to our servers. cerf also has additional rules to prevent repeated attempts to subscribe to our lists to send spam.
The software has been installed from a standard Ubuntu Linux package.
The local configuration is in /etc/fail2ban/jail.local, and the log is in /var/log/fail2ban.log. Bans last by default for 86400 seconds (1 day). Bans are applied by iptables rules, stored in the fail2ban-ssh chain.
The custom filter for mailman is in cerf:/etc/fail2ban/filters.d/mailman.conf; this will need to be updated whenever a mailing list is added or removed.
If you need to unban an IP, run the command fail2ban-client set JAILNAME unbanip IPADDRESS, e.g.
sudo fail2ban-client set ssh unbanip 192.168.95.151
sudo fail2ban-client set mailman unbanip 172.17.169.205
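The unban command needs the jail name, so it helps to look up which jail currently holds an address first. The script below is an added example, not part of our own tooling: it parses the "Jail list:" and "IP list:" lines of fail2ban-client status output and unbans the address from every jail that holds it. The function names and the F2B variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: find which jail(s) ban an address, then unban it there.
# F2B is the client command (assumed name); override it if you need sudo,
# e.g. F2B="sudo fail2ban-client" ./unban.sh 192.168.95.151
F2B=${F2B:-fail2ban-client}

# Print jail names, one per line, from `fail2ban-client status` on stdin.
jail_names() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed -e 's/[[:space:]]//g' -e '/^$/d'
}

# Print banned addresses, one per line, from `fail2ban-client status JAIL`
# on stdin. Matches both "IP list:" and "Banned IP list:" lines.
banned_ips() {
    sed -n 's/.*IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print each jail in which the given address is currently banned.
jails_banning() {
    ip=$1
    $F2B status | jail_names | while read -r jail; do
        # -x -F: whole-line literal match, so 10.0.0.1 never matches 10.0.0.11
        if $F2B status "$jail" </dev/null | banned_ips | grep -qxF -- "$ip"; then
            echo "$jail"
        fi
    done
}

# Unban the address from every jail that holds it; return 1 if none does.
unban_everywhere() {
    ip=$1
    found=$(jails_banning "$ip")
    [ -n "$found" ] || { echo "$ip is not banned in any jail" >&2; return 1; }
    for jail in $found; do
        $F2B set "$jail" unbanip "$ip" >/dev/null &&
            echo "unbanned $ip from $jail"
    done
}

# Command-line use: pass the address as the only argument.
if [ $# -gt 0 ]; then
    unban_everywhere "$1"
fi
```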