Setup fail2ban
Danny Bouwers edited this page Mar 4, 2022 · 1 revision
Fail2Ban scans log files and bans IP addresses that make too many password failures. It updates firewall rules to reject the IP address.
```
apk add fail2ban               # Install the fail2ban package
rc-update add fail2ban         # Enable the fail2ban service so that it starts at boot
/etc/init.d/fail2ban start     # Start the fail2ban service immediately and create configuration files
```
Add a jail to fail2ban to block failed login attempts with public keys:
```
cat > /etc/fail2ban/filter.d/alpine-sshd-key.conf <<EOF
# Fail2Ban filter for openssh for Alpine
#
# Filtering login attempts with PasswordAuthentication No in sshd_config.
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = sshd
failregex = (Connection closed by|Disconnected from) authenticating user .* <HOST> port \d* \[preauth\]
ignoreregex =
[Init]
# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10
EOF

cat >> /etc/fail2ban/jail.d/alpine-ssh.conf <<EOF
[sshd-key]
enabled = true
filter = alpine-sshd-key
port = ssh
logpath = /var/log/messages
maxretry = 2
EOF

/etc/init.d/fail2ban restart
```
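To see which log lines the `failregex` above actually counts, the following added example (not part of the original wiki page or of fail2ban itself) applies it to constructed `/var/log/messages` lines and lists the hosts that reach `maxretry`. Assumptions: `HOST_GROUP` is a simplified stand-in for fail2ban's own `<HOST>` expansion, `findtime` is ignored, and all function names and sample lines are made up for illustration.

```python
import re
from collections import Counter

# failregex exactly as written in alpine-sshd-key.conf above
FAILREGEX = (r"(Connection closed by|Disconnected from) authenticating user "
             r".* <HOST> port \d* \[preauth\]")
MAXRETRY = 2  # from the [sshd-key] jail above

# Assumption: simplified replacement for <HOST> (IPv4 or IPv6 literal only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)"

# Constructed sample lines in busybox syslogd style; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  4 10:15:01 alpine auth.info sshd[2211]: Connection closed by authenticating user root 203.0.113.5 port 51234 [preauth]
Mar  4 10:15:03 alpine auth.info sshd[2213]: Disconnected from authenticating user admin 203.0.113.5 port 51240 [preauth]
Mar  4 10:16:10 alpine auth.info sshd[2220]: Connection closed by authenticating user git 2001:db8::42 port 40000 [preauth]
Mar  4 10:17:00 alpine auth.info sshd[2230]: Connection closed by invalid user oracle 198.51.100.9 port 4022 [preauth]
Mar  4 10:17:02 alpine auth.info sshd[2231]: Disconnected from invalid user test 198.51.100.9 port 4023 [preauth]
Mar  4 10:18:00 alpine auth.info sshd[2240]: Accepted publickey for danny from 192.0.2.10 port 50022 ssh2
"""


def compile_failregex(failregex=FAILREGEX):
    """Substitute the <HOST> tag with a capturing group and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def count_failures(log_text, pattern=None):
    """Return a Counter of matched failures per source host."""
    pattern = pattern or compile_failregex()
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count has reached maxretry (time window not modelled)."""
    return sorted(h for h, n in count_failures(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    for host, n in sorted(count_failures(SAMPLE_LOG).items()):
        print(f"{host}: {n} failure(s)")
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```

In these samples the `invalid user` lines are not matched, because the filter only looks for `authenticating user`. On the host itself, `fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/alpine-sshd-key.conf` runs the real filter against the real log, and `fail2ban-client status sshd-key` shows the jail's current state.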