Thursday 23 December 2010

Using Fail2Ban for SSH on custom ports

You might already have set up Fail2ban properly following this guide. But if your services are not listening on their standard ports, Fail2ban can still identify the threat and yet fail to block the offending IP: the ban rule it installs targets the default port, not the one the attacker is actually hitting.

When Fail2ban identifies an IP as a possible threat, it modifies your firewall (iptables) to block that IP from reaching your service. So if IP 1.2.3.4 has tried too many times to log in through SSH and failed, Fail2ban "tells" iptables to block this IP on your "ssh" port, which (via /etc/services) translates to port 22. But what if your SSH server is on port 44000? The failed logins are still detected in the log, yet the resulting iptables rule matches port 22 and the attacker keeps hammering port 44000 unhindered.

Following the guide, you may remember that the best place to modify your configuration is /etc/fail2ban/jail.local, which overrides jail.conf key by key. Since the ssh jail is already enabled in the default configuration, you only have to override the port in the same section:

[ssh]
port=44000

Same for other services (unlike ssh, the apache jails are disabled by default, so add enabled=true in that section as well):

[apache]
enabled=true
port=8080

After saving, restart Fail2ban (/etc/init.d/fail2ban restart, or fail2ban-client reload) and check the result with iptables -L INPUT -n: the jump into the fail2ban-ssh chain must now list dport 44000, not 22.
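To make the override mechanics concrete, here is an added example (not code from the original post or from the Fail2ban project) that layers a jail.conf and a jail.local the way Fail2ban does, resolves the effective port for a jail, and renders the iptables commands that the iptables-multiport action installs for it. The two config texts are constructed stand-ins, the fallback service table is an assumption for hosts without /etc/services, and the iptables command strings are modelled on the stock action file rather than copied from it.

```python
"""Show how jail.local overrides jail.conf per key, and what iptables
rules Fail2ban's iptables-multiport action installs for the resulting port."""
import configparser
import socket

# Constructed stand-ins for /etc/fail2ban/jail.conf and jail.local.
JAIL_CONF = """
[DEFAULT]
bantime = 600
maxretry = 3
banaction = iptables-multiport

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
"""

JAIL_LOCAL = """
[ssh]
port = 44000

[apache]
enabled = true
port = 8080
"""

# Assumed fallback for hosts where /etc/services is absent.
FALLBACK_SERVICES = {"ssh": 22, "http": 80, "https": 443}


def load_jails(conf_text, local_text):
    """Read jail.conf first, then jail.local: later keys win, the rest stay."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    cp.read_string(local_text)
    return cp


def resolve_ports(port_value):
    """Turn 'ssh', '44000' or 'ssh,44000' into a list of port numbers."""
    ports = []
    for item in port_value.split(","):
        item = item.strip()
        if item.isdigit():
            ports.append(int(item))
            continue
        try:
            ports.append(socket.getservbyname(item))  # /etc/services lookup
        except OSError:
            ports.append(FALLBACK_SERVICES[item])
    return ports


def effective_jail(cp, name):
    """Effective settings for one jail after both files are applied."""
    sec = cp[name]
    return {
        "enabled": sec.getboolean("enabled"),
        "port": resolve_ports(sec["port"]),
        "maxretry": sec.getint("maxretry"),
        "bantime": sec.getint("bantime"),
        "banaction": sec["banaction"],
    }


def start_rules(name, ports, chain="INPUT", protocol="tcp"):
    """actionstart of iptables-multiport: chain creation plus the port jump."""
    dports = ",".join(str(p) for p in ports)
    return [
        f"iptables -N fail2ban-{name}",
        f"iptables -A fail2ban-{name} -j RETURN",
        f"iptables -I {chain} -p {protocol} -m multiport --dports {dports} "
        f"-j fail2ban-{name}",
    ]


def ban_rule(name, ip, blocktype="DROP"):
    """actionban: the per-IP rule inserted into the jail's own chain."""
    return f"iptables -I fail2ban-{name} 1 -s {ip} -j {blocktype}"


if __name__ == "__main__":
    cp = load_jails(JAIL_CONF, JAIL_LOCAL)
    for jail in ("ssh", "apache"):
        eff = effective_jail(cp, jail)
        print(jail, eff)
        for rule in start_rules(jail, eff["port"]):
            print("  ", rule)
        print("  ", ban_rule(jail, "1.2.3.4"))
```

The point to notice is that only the keys present in jail.local change: the ssh jail keeps maxretry=6 from jail.conf and bantime=600 from DEFAULT, while the port jump moves from 22 to 44000. The ban rule itself is port-independent; it is the jump into the fail2ban-ssh chain that must reference the right port, which is why `iptables -L INPUT -n` is the place to verify the fix.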
