Preconfigure fail2ban and core security services by default

2026-05-10 20:13:30 +00:00
parent be6ddf1416
commit 43734fe1b1
9 changed files with 139 additions and 35 deletions
@@ -1,18 +1,35 @@
 [DEFAULT]
 ignoreip = 127.0.0.1/8 ::1
-bantime  = 1h
+bantime = 1h
 findtime = 10m
 maxretry = 5
-backend  = systemd
+backend = systemd
+banaction = ufw
+banaction_allports = ufw
+
+action = %(action_mwl)s

 [sshd]
-enabled  = true
-port     = ssh
-logpath  = %(sshd_log)s
-maxretry = 5
+enabled = true
+mode = aggressive
+port = ssh
+logpath = %(sshd_log)s
+maxretry = 4
+findtime = 10m
+bantime = 4h

 [sshd-ddos]
-enabled  = true
-port     = ssh
-logpath  = %(sshd_log)s
+enabled = true
+port = ssh
+logpath = %(sshd_log)s
 maxretry = 3
+findtime = 10m
+bantime = 8h
+
+[recidive]
+enabled = true
+logpath = /var/log/fail2ban.log
+banaction = ufw-allports
+findtime = 1d
+bantime = 7d
+maxretry = 5