Skip to content

M
mailinabox
Commit 593fd242 authored by anoma's avatar anoma
Browse files
Options

Activate FAIL2BAN recidive jail 

Recidive can be thought of as FAIL2BAN checking itself. This setup will monitor the FAIL2BAN log and if 10 bans are seen within one day activate a week long ban and email the mail in a box admin that it has been applied . These bans survive FAIL2BAN service restarts so are much stronger which obviously means we need to be careful with them.

Our current settings are relatively safe and definitely not easy to trigger by mistake e.g to activate a recidive IP jail by failed SSH logins a user would have to fail logging into SSH  6 times in 10 minutes, get banned, wait for the ban to expire and then repeat this process 9 further times within a 24 hour period.

The default maxretry of 5 is much saner but that can be applied once users are happy with this jail. I have been running a stronger version of this for months and it does a very good job of ejecting persistent abusers.
parent e591d908
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 0 deletions
conf/fail2ban/jail.local
View file @ 593fd242
...@@ -13,3 +13,7 @@ enabled = true ...@@ -13,3 +13,7 @@ enabled = true
filter = dovecotimap filter = dovecotimap
findtime = 30 findtime = 30
maxretry = 20 maxretry = 20
[recidive]
enabled = true
maxretry = 10
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023