Add fail2ban config

This commit is contained in:
Edgar P. Burkhart 2023-02-12 10:18:00 +01:00
parent 536f01e68f
commit f10c6975b9
Signed by: edpibu
GPG key ID: 9833D3C5A25BD227

View file

@ -0,0 +1,67 @@
---
title: "Fail2ban"
weight: 1
# bookFlatSection: false
# bookToc: true
# bookHidden: false
# bookCollapseSection: false
# bookComments: false
# bookSearchExclude: false
---
# Fail2ban
## Installation
Installer le paquet `fail2ban`.
## Configuration
```ini
[DEFAULT]
bantime = 1h
bantime.increment = true
ignoreip = 127.0.0.1/8 ::1
banaction = ufw[comment="fail2ban"]
banaction_allports = ufw[type=allports,comment="fail2ban"]
destemail = ...
sender = ...
action = %(action_mwl)s
```
### Services
```ini
[sshd]
enabled = true
mode = aggressive
[postfix]
enabled = true
mode = aggressive
[dovecot]
enabled = true
mode = aggressive
[bitwarden]
enabled = true
logpath = /var/log/vaultwarden.log
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
[sieve]
enabled = true
[nextcloud]
enabled = true
logpath = /var/log/nextcloud/nextcloud.log
```
## Démarrage
Activer le service `fail2ban.service`.