User Tools

Site Tools


docs:tips_n_tricks:fail2ban.html

fail2ban

Cleanup oversized fail2ban.sqlite3

Test

cp -vip --sparse=always /var/lib/fail2ban/fail2ban.sqlite3 /scratch/root/fail2ban.sqlite3.sparse
sqlite3 fail2ban.sqlite3
sqlite3 $PWD/fail2ban.sqlite3 "VACUUM ;"
TMPDIR=/scratch/tmp/ sqlite3 $PWD/fail2ban.sqlite3 "VACUUM ;"

Real

systemctl stop fail2ban
cd /var/lib/fail2ban
TMPDIR=/scratch/tmp/ sqlite3 $PWD/fail2ban.sqlite3
  SELECT COUNT(*) FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01');
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') LIMIT 10000;
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') LIMIT 10000;
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') LIMIT 35000;
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') ;
ls -lah fail2ban.sqlite3
TMPDIR=/scratch/tmp/ sqlite3 $PWD/fail2ban.sqlite3 "VACUUM ;" && systemctl start fail2ban
ls -lah fail2ban.sqlite3

Configuration

vi /etc/fail2ban/jail.d/jail.local
systemctl reload fail2ban

Whitelist IPs / IP Ranges

/etc/fail2ban/jail.d/jail.local
ignoreip = 127.0.0.1 10.0.0.0/8 192.168.0.0/16

Set default bantime, max allowed failures and different values for e.g. dovecot

/etc/fail2ban/jail.d/jail.local
[DEFAULT]
bantime = 1h
maxretry = 3
[dovecot]
bantime = 24h
docs/tips_n_tricks/fail2ban.html.txt · Last modified: 21.04.2024 23:55 CEST by peter

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki