Fail2ban and SSH - perfeccion-ar/infraestructura-clasica-y-avanzada GitHub Wiki
Example for quick SSH protection
apt-get install fail2ban ccze
cd /etc/fail2ban
Create an empty jail.conf and add the following:
[sshd]
enabled = true
port = ssh
# logpath is not used by the systemd backend, which reads the journal instead
logpath = /var/log/fail2ban.log
backend = systemd
systemctl restart fail2ban
systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-04-14 20:16:26 -03; 23s ago
Docs: man:fail2ban(1)
Main PID: 3802504 (fail2ban-server)
Tasks: 5 (limit: 37667)
Memory: 26.8M
CPU: 164ms
CGroup: /system.slice/fail2ban.service
└─3802504 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Apr 14 20:16:26 bunker4 systemd[1]: Started fail2ban.service - Fail2Ban Service.
Apr 14 20:16:27 bunker4 fail2ban-server[3802504]: 2025-04-14 20:16:27,005 fail2ban.configreader [3802504]: WARNING 'allowipv6' not defin>
Apr 14 20:16:27 bunker4 fail2ban-server[3802504]: Server ready
Verify
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
Additionally
tail -f /var/log/fail2ban.log | ccze -A
2025-04-14 20:16:27,114 fail2ban.jail [3802504]: INFO Jail 'sshd' uses systemd {}
2025-04-14 20:16:27,114 fail2ban.jail [3802504]: INFO Initiated 'systemd' backend
2025-04-14 20:16:27,115 fail2ban.filter [3802504]: INFO maxLines: 1
2025-04-14 20:16:27,122 fail2ban.filtersystemd [3802504]: INFO [sshd] Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2025-04-14 20:16:27,122 fail2ban.filter [3802504]: INFO maxRetry: 5
2025-04-14 20:16:27,122 fail2ban.filter [3802504]: INFO findtime: 600
2025-04-14 20:16:27,122 fail2ban.actions [3802504]: INFO banTime: 600
2025-04-14 20:16:27,122 fail2ban.filter [3802504]: INFO encoding: UTF-8
2025-04-14 20:16:27,123 fail2ban.filtersystemd [3802504]: INFO [sshd] Jail is in operation now (process new journal entries)
2025-04-14 20:16:27,123 fail2ban.jail [3802504]: INFO Jail 'sshd' started
Enable at boot
systemctl enable fail2ban
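To see what the maxRetry: 5, findtime: 600 and banTime: 600 values in the startup log above mean in practice, the following added example (not part of the original wiki and not fail2ban's own code) models the jail's counting window over constructed sshd log lines. The regular expression is a simplified stand-in for the real sshd filter, and the IP addresses, PIDs and timestamps are invented for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY, FINDTIME, BANTIME = 5, 600, 600  # values reported in fail2ban.log

# Simplified pattern (assumption): the real sshd filter matches many more messages.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return (ip, ban_start, ban_end) for every ban the jail would issue."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                # successful logins and other noise
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue                # already blocked by the firewall rule
        window = failures[ip]
        window.append(ts)
        # Forget failures older than findtime seconds.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

# Constructed sample: a fast guesser, a slow guesser and a legitimate login.
SAMPLE = sorted(
    [f"2025-04-14T20:20:{s:02d} bunker4 sshd[4100]: Failed password for root "
     f"from 203.0.113.7 port 50022 ssh2" for s in (0, 10, 20, 30, 40, 50)]
    + [f"2025-04-14T20:{m:02d}:00 bunker4 sshd[4200]: Failed password for "
       f"invalid user admin from 198.51.100.23 port 40100 ssh2"
       for m in (20, 25, 30, 35, 40)]
    + ["2025-04-14T20:21:00 bunker4 sshd[4300]: Accepted publickey for ops "
       "from 192.0.2.10 port 51000 ssh2"]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start} until {end}")
```

The slow guesser at one attempt every five minutes never reaches five failures inside a 600-second window, which is why a longer findtime or a lower maxretry is worth considering for SSH exposed to the internet.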