Fail2ban change configuration

Hi Guys,

I need to change the Fail2ban configuration but i don’t realy know how to do that.
My objectif is to modify the ban time :

[sshd] 
bantime = 3600

And the recidive jail :

[recidive]
enabled = true
maxretry = 4
bantime = 1w
findtime = 1d

but I don’t know where the file is on the server, thanks for your help.

Hi,

The Fail2ban configuration files are in /etc/fail2ban/jail.d.

1 Like

Thanks for your help, in this folder i need to change for all applications? Can’t I just use a file that will be the general rule for everyone?

first create jail.local file from main configuration file

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

you can enable and config there ssh and recidive jails

make sure you enable jails you are interested in, either in .local or individual configurations in jail.d/

Change from false to true or add:

enable=true

in the correspondent section. For recidive make sure reads correct log file (where sshd bans are written) so it can apply its rules

1 Like

Hi, thanks for your help!

So in my jail.local i have now :

[DEFAULT]
bantime = 3600
findtime = 3600
maxretry = 4

[sshd]
enabled = true
bantime = 3600

[recidive]
enabled = true
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day

Eerything is correct ? I need to restart fail2ban after this change ?

I really need to increase the ban time, my server is getting bot attacks I assume from three similar IPs since yesterday. I changed the port and disabled xml rpc from wordpress too.

yes, you need to restart after changing config

yunohost service restart fail2ban

(or from webadmin interface)

and check with
fail2ban-client status and

fail2ban-client status JAILNAME

JAILNAME = sshd, recidive, wordpress,… (one of yours)

if you set very restrictive ban times for your jails then recidive would act in already banned IPs so it will take no action because is already banned. This is my understanding, I’m just an average user here, I’m not sysadmin.

1 Like

Thanks ghose for your help!

1 Like