Fail2ban

       $ prt-get depinst fail2ban
       

1. Configure

To start fail2ban at next boot edit /etc/rc.conf and add fail2ban. Fail2ban will verify if /etc/fail2ban/jail.local exist, if exist will use it. Copy distribution jail.conf to jail.locol;

       $ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
       

Edit /etc/fail2ban/jail.local, example configuration;

       [ssh-iptables]

       enabled  = enable
       filter   = sshd
       action   = iptables[name=SSH, port=ssh, protocol=tcp]
                  sendmail-whois[name=SSH, dest=admin@box, sender=fail2ban@box, sendername="fail2ban"]
                  logpath  = /var/log/auth
                  maxretry = 5
       

Test a filter

        # fail2ban-regex /var/log/iptables iptables-ssh.conf
        

This is part of the LeetIO System Documentation. Copyright (C) 2021 LeetIO Team. See the file Gnu Free Documentation License for copying conditions.