@see ban2expel

Fail2ban can perform multiple actions whenever an abusive IP is detected: update Netfilter/iptables or PF firewall rules, or TCP Wrapper's hosts.deny table, to reject the abuser's IP address; send email notifications; or run any user-defined action that can be carried out by a Python script.

To check the rules inserted by the program:

iptables -L -v

Configuration files

  • (basic settings)
  • /etc/fail2ban/jail.conf (settings for monitoring various services; only ssh monitoring through iptables is activated by default)
  • /etc/fail2ban/action.d/ (actions to ban suspected IPs)
  • /etc/fail2ban/filter.d/ (filters: regular expressions through which fail2ban detects malicious attacks in log files)
  • /var/log/fail2ban.log (log file)

Typical configuration:

# important: make the system ignore trusted IPs
ignoreip = 192.168.1.0/24 10.0.0.0/24 192.168.0.0/24 80.80.80.80

# in seconds: 60*60*24
bantime = 86400
# low number of attempts
maxretry = 4
 
# Added email address for reports
to = "me@example.com"
 
# enabled the apache and vsftpd section
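
How ignoreip, maxretry and bantime from the settings above interact with a filter regex, as an added example (not fail2ban's own code). The regex is a simplified stand-in for a filter.d entry, findtime = 600 is assumed because this page does not set it, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the configuration above
IGNOREIP = "192.168.1.0/24 10.0.0.0/24 192.168.0.0/24 80.80.80.80"
MAXRETRY = 4
BANTIME = 86400   # seconds
FINDTIME = 600    # seconds; assumed, not set on this page

# Simplified stand-in for a filter.d failregex (assumption, not the shipped sshd filter)
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) ")

def simulate(lines, year=2024):
    """Return {ip: (ban_start, ban_end)} for hosts reaching MAXRETRY within FINDTIME."""
    ignored = [ipaddress.ip_network(n) for n in IGNOREIP.split()]
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue                      # not a failure line
        ip = ipaddress.ip_address(m["host"])
        if any(ip in net for net in ignored):
            continue                      # trusted address: never counted
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        host = str(ip)
        if host in bans and ts < bans[host][1]:
            continue                      # ban still active
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > FINDTIME:
            q.popleft()                   # drop failures outside the window
        if len(q) >= MAXRETRY:
            bans[host] = (ts, ts + timedelta(seconds=BANTIME))
            q.clear()
    return bans

# Constructed sample log lines (documentation address ranges plus one trusted LAN host)
def _line(ts, ip, msg="Failed password for root"):
    return f"Jan 12 {ts} host sshd[101]: {msg} from {ip} port 4001 ssh2"

SAMPLE = sorted(
    [_line(f"10:00:0{i}", "203.0.113.7") for i in range(4)]      # burst: banned
    + [_line(f"10:01:0{i}", "192.168.1.50") for i in range(5)]   # in ignoreip
    + [_line(f"1{i}:30:00", "198.51.100.9") for i in range(4)]   # one per hour
    + [_line("10:02:00", "203.0.113.7", "Accepted password for root")])
```

Calling simulate(SAMPLE) bans only 203.0.113.7: the trusted LAN host is skipped despite five failures, and the hourly failures from 198.51.100.9 never accumulate inside the window.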