
fail2ban quick setup against brute-force ssh

Keeping brute-force SSH attempts at bay is relatively easy with fail2ban. On Debian, after “apt install fail2ban”, sshd is already protected by the default jail (enabled in /etc/fail2ban/jail.d/defaults-debian.conf), but a little more can be done to make the filter more effective against hosts that keep coming back.

First, override the “dbpurgeage” setting so that ban records stay in the fail2ban database for 7.5 days (648000 seconds) instead of the default one day. fail2ban restores bans from that database when the service restarts, so the one-week bans configured below should not be purged before they expire. Add the file /etc/fail2ban/fail2ban.d/local.conf with:

[Definition]
dbpurgeage = 648000

Then add another config file to enable the “recidive” jail, which watches /var/log/fail2ban.log for “Ban” lines from the other jails and bans an address for much longer once it has been banned repeatedly. For this to work, fail2ban must log to that file at loglevel INFO or higher, which is the Debian default. For instance, in /etc/fail2ban/jail.d/local.conf add:

[recidive]
enabled = true
maxretry = 2
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day

Check the configuration with “fail2ban-client -t”, restart the fail2ban service, et voilà: fail2ban can now keep repeat brute-force IPs away for a week. “fail2ban-client status recidive” shows the jail’s current and total bans. You can of course change the values to extend the ban or shorten the findtime.
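To see what the two settings above actually do, here is an added example (not fail2ban’s own code) that replays the recidive jail’s logic over a constructed fail2ban.log sample: it picks up “Ban” lines from other jails, ignores “Unban” lines and recidive’s own bans, and flags an address that was banned at least maxretry times inside a sliding findtime window. The regex is a simplified version of the one in filter.d/recidive.conf, and the log lines are made up for the illustration.

```python
"""Replay of the recidive jail's counting over a sample fail2ban.log.

Added example, not fail2ban's own code. Log lines below are constructed;
the regex approximates failregex in filter.d/recidive.conf.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAXRETRY = 2       # bans by other jails before recidive steps in
FINDTIME = 86400   # 1 day, in seconds
BANTIME = 604800   # 1 week, in seconds (what recidive would apply)

# NOTICE "Ban <ip>" line from fail2ban.actions, for any jail except
# recidive itself (the negative lookahead avoids counting its own bans).
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s*"
    r"\[\d+\]:\s+NOTICE\s+\[(?!recidive\])[^\]]+\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

# Constructed sample of /var/log/fail2ban.log (not a real capture).
SAMPLE_LOG = """\
2024-05-01 08:00:01,123 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2024-05-01 08:10:01,456 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.5
2024-05-01 09:30:12,001 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-01 12:45:09,777 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2024-05-01 12:45:10,002 fail2ban.actions        [812]: NOTICE  [recidive] Ban 203.0.113.5
2024-05-03 10:00:00,000 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
"""


def parse_bans(log_text):
    """Yield (timestamp, ip) for every qualifying Ban line, in log order."""
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("ip")


def recidive_hits(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time_of_escalation} for addresses banned at least
    maxretry times within any findtime-second window."""
    window = timedelta(seconds=findtime)
    seen = defaultdict(list)   # ip -> ban timestamps still inside the window
    hits = {}
    for ts, ip in parse_bans(log_text):
        if ip in hits:
            continue           # already escalated to the long ban
        seen[ip] = [t for t in seen[ip] if ts - t <= window] + [ts]
        if len(seen[ip]) >= maxretry:
            hits[ip] = ts
    return hits


if __name__ == "__main__":
    for ip, when in recidive_hits(SAMPLE_LOG).items():
        print(f"{ip}: banned for {BANTIME} s from {when}")
```

With the settings from the post, 203.0.113.5 (two sshd bans four hours apart) gets the week-long ban, while 198.51.100.7 (two bans two days apart) does not; widening findtime to three days would catch the second one too, which is the trade-off behind the “limit the findtime” remark above.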
