fev 092021
 

Overview

Install and configure Fail2Ban to block attacking hosts using a null route or blackhole routes.

PRO:
– Works on all kernel versions and as no compatibility problems (back to debian lenny and WAY further).
– It’s FAST for very large numbers of blocked ips.
– It’s FAST because it Blocks traffic before it enters common iptables chains used for filtering.
– It’s per host, ideal as action against ssh password bruteforcing to block further attack attempts.
– No additional software required beside iproute/iproute2
CON:
– Blocking is per IP and NOT per service, but ideal as action against bruteforcing hosts.

Continue reading »

dez 032020
 
Irei detalhar de forma bem pratica e funcional, pronto para já funcionar Fail2ban com Zimbra 8.8.x
  • Instale o fail2ban seguindo as instruções da sua distribuição – (Versão 0.9.6 pra cima)
Após instalado e sabendo que esta iniciando corretamente (por padrão) faça as devidas configurações.

mv /etc/fail2ban/jail.d/defaults-debian.conf /etc/fail2ban/jail.d/defaults-debian.conf.bkp
mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bkp
vim /etc/fail2ban/jail.conf

 Continue reading »