You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/security/using-fail2ban-for-security.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -142,7 +142,7 @@ Fail2ban reads `.conf` configuration files first, then `.local` files override a
142
142
-`socket`: The location of the socket file.
143
143
-`pidfile`: The location of the PID file.
144
144
145
-
### Configure jail.local
145
+
##3) Configure jail.local Settings
146
146
147
147
1. The `jail.conf` file will enable Fail2ban for SSH by default for Debian and Ubuntu, but not CentOS. All other protocols and configurations (HTTP, FTP, etc.) are commented out. If you want to change this, create a `jail.local` for editing:
148
148
@@ -171,7 +171,7 @@ Fail2ban reads `.conf` configuration files first, then `.local` files override a
171
171
enabled = true
172
172
~~~
173
173
174
-
####Whitelist IP
174
+
### Whitelist IP
175
175
176
176
To ignore specific IPs, add them to the `ignoreip` line. By default, this command will not ban the localhost. If you work from a single IP address often, it may be beneficial to add it to the ignore list:
177
177
@@ -190,7 +190,7 @@ If you wish to whitelist IPs only for certain jails, this can be done with the `
190
190
191
191
fail2ban-client set JAIL addignoreip 123.45.67.89
192
192
193
-
####Ban Time and Retry Amount
193
+
### Ban Time and Retry Amount
194
194
195
195
Set `bantime`, `findtime`, and `maxretry` to define the circumstances and the length of time of a ban:
196
196
@@ -212,7 +212,7 @@ Set `bantime`, `findtime`, and `maxretry` to define the circumstances and the le
212
212
213
213
-`maxretry`: How many attempts can be made to access the server from a single IP before a ban is imposed. The default is set to 3.
214
214
215
-
####Email Alerts
215
+
### Email Alerts
216
216
217
217
To receive email when fail2ban is triggered, adjust the email settings:
218
218
@@ -360,9 +360,9 @@ With the failregex created, it then needs to be added to a filter.
360
360
361
361
## Using the Fail2ban Client
362
362
363
-
Fail2ban provides a command `fail2ban-client` that can be used to run Fail2ban from the command line. The input should be as follows:
363
+
Fail2ban provides a command `fail2ban-client` that can be used to run Fail2ban from the command line:
0 commit comments