Re: [Fail2ban-users] Configuration.

[Ben J. <be...@in...>]

On 2/15/2013 10:03 AM, Fabian Wenk wrote:
> Hello David
> 
> On 15.02.2013 14:36, David wrote:
>> Hi, just started using f2b on my servers, what configuration
>> would you recommend for a web hosting server.
> 
> There is no general recommendation for this, as it depends a lot 
> of your particular system usage. I would recommend to at least 
> protect the services which are accessible from the outside and 
> require a login with username and password, e.g. sshd.

Here is a longer list of services that you may wish for fail2ban to monitor:

sshd
sasl
ftp
dovecot/courier
postfix
apache/nginx/lighttpd
webmin

I've posted my preferred jail.local recipe at
http://pastebin.com/VaZ0Wzey (I use Debian/Ubuntu and ISPConfig; you'd
have to make some adjustments).

> For the values of findtime, bantime and maxretry you need to set 
> values which fit your own usage. E.g. if you mistype your own 
> password quite often, then you should set maxretry high enough or 
> you will ban yourself. Alternatively you could use a quite short 
> bantime, but this has some other drawbacks when a brute force 
> attack is running against your server.

You could also white-list your own IP address(es) in your fail2ban
configuration. The sample jail.local file cited above demonstrates how
to do this (multiple IP addresses should be space-separated).

> Hope this helps as a guide line to be able to figure out what is 
> useful for your own server, because you know best how it is 
> configured and how it is and should be working.

Well said, Fabian!

> 
> bye
> Fabian
> 
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013 
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Fail2ban-users mailing list
> Fai...@li...
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>