Fail2ban change configuration

pingu · January 19, 2023, 6:43pm

Hi Guys,

I need to change the Fail2ban configuration but i don’t realy know how to do that.
My objectif is to modify the ban time :

[sshd] 
bantime = 3600

And the recidive jail :

[recidive]
enabled = true
maxretry = 4
bantime = 1w
findtime = 1d

but I don’t know where the file is on the server, thanks for your help.

metyun · January 19, 2023, 8:54pm

Hi,

The Fail2ban configuration files are in /etc/fail2ban/jail.d.

pingu · January 20, 2023, 12:13am

Thanks for your help, in this folder i need to change for all applications? Can’t I just use a file that will be the general rule for everyone?

ghose · January 20, 2023, 6:19am

first create jail.local file from main configuration file

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

you can enable and config there ssh and recidive jails

make sure you enable jails you are interested in, either in .local or individual configurations in jail.d/

Change from false to true or add:

enable=true

in the correspondent section. For recidive make sure reads correct log file (where sshd bans are written) so it can apply its rules

pingu · January 20, 2023, 11:33am

Hi, thanks for your help!

So in my jail.local i have now :

[DEFAULT]
bantime = 3600
findtime = 3600
maxretry = 4

[sshd]
enabled = true
bantime = 3600

[recidive]
enabled = true
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day

Eerything is correct ? I need to restart fail2ban after this change ?

I really need to increase the ban time, my server is getting bot attacks I assume from three similar IPs since yesterday. I changed the port and disabled xml rpc from wordpress too.

ghose · January 21, 2023, 7:06am

yes, you need to restart after changing config

yunohost service restart fail2ban

(or from webadmin interface)

and check with
fail2ban-client status and

fail2ban-client status JAILNAME

JAILNAME = sshd, recidive, wordpress,… (one of yours)

if you set very restrictive ban times for your jails then recidive would act in already banned IPs so it will take no action because is already banned. This is my understanding, I’m just an average user here, I’m not sysadmin.

pingu · January 31, 2023, 9:32am

Thanks ghose for your help!

system · March 2, 2023, 9:33am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.