From: Laurent A. <l.a...@fr...> - 2014-11-02 10:06:43
Anyway, here is how I did it with fail2ban:
Extract of 2 examples from /etc/fail2ban/jail.local:

[ssh]
enabled = true
action = ufw-all
port = 36247
filter = sshd
logpath = /var/log/auth.log
maxretry = 2

[nginx-auth]
enabled = true
filter = nginx-auth
action = ufw-nginx-full
# sendmail[name=nginx-auth]
logpath = /var/log/nginx*/*error*.log
# 1 hour
bantime = 3600
maxretry = 3

/etc/fail2ban/action.d/ufw-all.conf:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip>
actionunban = ufw delete deny from <ip>

/etc/fail2ban/action.d/ufw-nginx-full.conf:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 2 deny from <ip> to any app "Nginx Full"
actionunban = ufw delete deny from <ip> to any app "Nginx Full"

On 01/11/2014 12:29, jo...@te... wrote:
> On Friday, 31 Oct 2014 23:29:28 +0100,
> Laurent Alebarde <l.a...@fr...> wrote:
>
>> I did it with fail2ban
> Apart from some functional differences, the big difference between the
> two is that sshguard is a compiled application, meaning that it is not
> a script, which results in faster execution. Not only is sshguard
> compiled, the parsing expressions are too.
>
> Cheers.
>