How can I identify all the services to use with fail2ban en jail.local?

Discussion in 'Server Operation' started by Milly, Jan 10, 2020.

  1. Milly

    Milly New Member

    With which command in the terminal I can identify which services I should put in /var/log/fail2ban.log.

    I would like to identify, avoid entry attempts and ban ips or domains that try to log into services such as mysql, nextcloud, ssh, php, webmail, sasl and the other tutorials programs:

    - The Perfect Server - Debian 10
    - Install NextCloud on Debian 10


    Thank you
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Debian 10 has logwatch which does log analysis and e-mails you summaries. Use something like that to see what kind of password guessing attempts are happening.
    Then read /etc/fail2ban/jail.conf and the filters in /etc/fail2ban/filter.d to see what kinds of jails are available and enable the ones you need. Do read the fail2ban documentation. On Debian enabling a jail happens by adding to /etc/fail2ban/jail.local the jail and enable line, like this:
    Code:
    [postfix-sasl]
    enabled = true
    
     

Share This Page