Tuesday, March 24, 2020

fail2ban debian

:: Tutorial install fail2ban ::

#> Tujuan: mengamankan server dari serangan brute-force SSH

# Install fail2ban from the distribution repositories (-y accepts the prompts).
apt install fail2ban -y
# Keep local settings in jail.local; it overrides jail.conf, which package
# upgrades may replace. The lines that follow are the contents of this file.
nano /etc/fail2ban/jail.local
# Values in [DEFAULT] apply to every jail unless the jail sets its own value.
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Only the IPv4 loopback address is exempt here. If administration comes from a
# fixed trusted address or range, adding it avoids locking yourself out after a
# few mistyped passwords.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
# 600 seconds is 10 minutes; after that the host may try again.
bantime  = 600

# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds.
findtime  = 600

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

# Jail for SSH logins: the "sshd" filter is matched against /var/log/auth.log.
# "port" is the port that gets blocked for a banned host; if sshd listens on a
# non-standard port, that port has to be set here instead of "ssh".
# "maxretry = 5" overrides the [DEFAULT] value of 3 for this jail only.
# NOTE(review): the status output on this page lists two jails, "ssh" and
# "sshd", so this section runs next to a separate sshd jail instead of tuning
# it. If the intent is to adjust the stock jail, the section would presumably
# be named [sshd] - confirm against the installed jail.conf and jail.d/.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5

# Restart the service so the edited jail.local is loaded
# (on systemd hosts: systemctl restart fail2ban).
/etc/init.d/fail2ban restart

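Untuk memantau jail yang aktif dan IP yang sedang diblokir (perhatikan bahwa daftar di bawah memuat dua jail, ssh dan sshd; jail [ssh] dari jail.local di atas berjalan di samping jail sshd yang sudah ada):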
root@jitsi:~# fail2ban-client status 
Status
|- Number of jail:      2
`- Jail list:   ssh, sshd
root@jitsi:~# fail2ban-client status ssh
Status for the jail: ssh
|- Filter
|  |- Currently failed: 12
|  |- Total failed:     290
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   54.37.71.235 103.75.100.106
