fail2ban – custom configs

By | 24/01/2014

Can’t remember where I got this info from, but it is extremely useful. I have a feeling I pulled bits from over the place. I used this procedure to lock down my Owncloud installation when I had it running.

 

Test fake logins, look at logs, find the failure line and then

add file in /etc/fail2ban/filter.d/

Copy an existing one that is similar, use http://regex101.com/ to confirm the regex is correct…

Then add the info into /etc/fail2ban/jail.conf

Then test fake logins and make sure in the /var/log… file it’s showing up the line you expect

Run  fail2ban-regex /var/log/apache2/ssl_access.log /etc/fail2ban/filter.d/oc-auth.conf
Where the log is the log, and the conf file is the new conf file…make sure it finds the failed lines

Restart fail2ban and test.

To see the banned ip run

fail2ban-client status wp-auth

To unban run

fail2ban-client set wp-auth unbanip **IP Address*

Leave a Reply

Your email address will not be published.