[{"data":1,"prerenderedAt":302},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2015\u002F06\u002F16\u002Freplacing-denyhosts-with-fail2ban-for-debian\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY 
Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home 
Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":286,"description":213,"embedImage":287,"extension":288,"image":287,"intro":289,"meta":290,"navigation":291,"path":292,"seo":293,"series":287,"sitemap":294,"stem":295,"tags":296,"__hash__":301},"content\u002F2015\u002F06\u002F16\u002Freplacing-denyhosts-with-fail2ban-for-debian.md","Replacing denyhosts with fail2ban for debian",{"type":208,"value":209,"toc":282},"minimark",[210,214,228,247,250,253,256,259,262,265,279],[211,212,213],"p",{},"Preparing for migration from debian wheezy to debian jessie and one of the packages I use is no longer supported.",[211,215,216,217,227],{},"Denyhosts is something that I used to block incoming ssh attacks (it adds IP addresses to \u002Fetc\u002Fhosts.deny). But it is not available in Jessie. The security team had ",[218,219,226],"a",{"href":220,"rel":221,"target":225},"https:\u002F\u002Fbugs.debian.org\u002Fcgi-bin\u002Fbugreport.cgi?bug=732712",[222,223,224],"nofollow","noopener","noreferer","_blank","the following comments",":",[229,230,231,241,244],"ul",{},[232,233,234,235,240],"li",{},"There are unaddressed security issues (e.g. 
",[218,236,239],{"href":237,"rel":238,"target":225},"https:\u002F\u002Fbugs.debian.org\u002Fcgi-bin\u002Fbugreport.cgi?bug=692229",[222,223,224],"#692229",").",[232,242,243],{},"The tool is dead upstream (last release 2008).",[232,245,246],{},"There is a viable alternative, fail2ban, that provides the same or increased feature set.",[211,248,249],{},"So - time to look at fail2ban.",[211,251,252],{},"Fail2ban doesn't by default use hosts.deny - it creates iptables rules (that by default time out after a while). I was quite happy with this so the default config in jessie is pretty close to what I want.",[211,254,255],{},"Installation is easy - a simple apt-get\u002Faptitude install of fail2ban.",[211,257,258],{},"Configuration - the recommendation for any fail2ban config is to copy any conf file (foo.conf) to a .local file in the same directory (foo.local) and then modify that.",[211,260,261],{},"The main config is \u002Fetc\u002Ffail2ban\u002Fjail.conf - so - I copied this to \u002Fetc\u002Ffail2ban\u002Fjail.local",[211,263,264],{},"Changes I made:",[229,266,267,270,273,276],{},[232,268,269],{},"ignoreip - space-separated list of IPs\u002Fnetworks to be whitelisted. Defaults to localhost. I added IP ranges that I use.",[232,271,272],{},"bantime - time for a ban in seconds. Defaults to 600 (10 mins) - I doubled it.",[232,274,275],{},"destemail - mail address that reports etc. are sent to - defaults to root@localhost - I changed it to my monitoring email address.",[232,277,278],{},"action - defaults to action_ - which just does the ban. I changed it to action_mw, which also sends email (there's an action_mwl too, which also sends the relevant log lines).",[211,280,281],{},"So - fail2ban is now running - and from the mail received and checking both iptables -L and fail2ban-client status ssh I've seen that it's doing its job. Denyhosts retired. Oh - and fail2ban runs fine on wheezy too and can help with lots of other services. 
Lots more config to dive into if you need it - but for basic ssh - the defaults work pretty well.",{"title":283,"searchDepth":284,"depth":284,"links":285},"",2,[],"2015-06-16 22:39 +0200",null,"md","Migration from wheezy to jessie and a package I use is no longer available",{},true,"\u002F2015\u002F06\u002F16\u002Freplacing-denyhosts-with-fail2ban-for-debian",{"title":206,"description":213},{"loc":292},"2015\u002F06\u002F16\u002Freplacing-denyhosts-with-fail2ban-for-debian",[297,298,299,300],"debian","ssh","denyhosts","fail2ban","ZMl2wUc1jC6HfVsmxKqjdKeQKaoWhc-YLwh8aSH9bkc",1775293010564]