Install

• sudo apt install fail2ban

Nach der Installation stehen folgende Programme zur Verfügung

• fail2ban-server - der Server
• fail2ban-client - Clientprogramm zur Konfiguration und Auswertung des Servers
• fail2ban-regex - Programm zum Testen von Regular-Expressions[7]

Konfigurationsdatein

• Fail2ban Konfigurationsdatein

Config

• sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Example ssh

[sshd]
enabled    = true
port    = ssh
filter    = sshd
logpath    = /var/log/auth.log
maxretry = 4

Example dovecot

[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry = 3

Example apache2

[apache]
enabled  = true
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache*/*error.log
maxretry = 6

Example vsftp

[vsftpd]
enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = vsftpd
logpath  = /var/log/vsftpd.log
maxretry = 3

Links

• https://www.thomas-krenn.com/de/wiki/SSH_Login_unter_Debian_mit_fail2ban_absichern