Add fail2ban config
This commit is contained in:
parent
536f01e68f
commit
f10c6975b9
1 changed files with 67 additions and 0 deletions
67
content/docs/server/services/fail2ban.md
Normal file
67
content/docs/server/services/fail2ban.md
Normal file
|
@ -0,0 +1,67 @@
|
|||
---
|
||||
title: "Fail2ban"
|
||||
weight: 1
|
||||
# bookFlatSection: false
|
||||
# bookToc: true
|
||||
# bookHidden: false
|
||||
# bookCollapseSection: false
|
||||
# bookComments: false
|
||||
# bookSearchExclude: false
|
||||
---
|
||||
|
||||
# Fail2ban
|
||||
|
||||
## Installation
|
||||
Installer le paquet `fail2ban`.
|
||||
|
||||
## Configuration
|
||||
```ini
|
||||
[DEFAULT]
|
||||
bantime = 1h
|
||||
bantime.increment = true
|
||||
|
||||
ignoreip = 127.0.0.1/8 ::1
|
||||
|
||||
banaction = ufw[comment="fail2ban"]
|
||||
banaction_allports = ufw[type=allports,comment="fail2ban"]
|
||||
|
||||
destemail = ...
|
||||
sender = ...
|
||||
|
||||
action = %(action_mwl)s
|
||||
```
|
||||
|
||||
### Services
|
||||
```ini
|
||||
[sshd]
|
||||
enabled = true
|
||||
mode = aggressive
|
||||
|
||||
[postfix]
|
||||
enabled = true
|
||||
mode = aggressive
|
||||
|
||||
[dovecot]
|
||||
enabled = true
|
||||
mode = aggressive
|
||||
|
||||
[bitwarden]
|
||||
enabled = true
|
||||
logpath = /var/log/vaultwarden.log
|
||||
|
||||
[nginx-http-auth]
|
||||
enabled = true
|
||||
|
||||
[nginx-botsearch]
|
||||
enabled = true
|
||||
|
||||
[sieve]
|
||||
enabled = true
|
||||
|
||||
[nextcloud]
|
||||
enabled = true
|
||||
logpath = /var/log/nextcloud/nextcloud.log
|
||||
```
|
||||
|
||||
## Démarrage
|
||||
Activer le service `fail2ban.service`.
|
Loading…
Reference in a new issue