
fail2ban

Cleanup oversized fail2ban.sqlite3

Test

# Rehearse the cleanup on a copy before touching the live database.
# -p preserves mode/ownership/timestamps, -i asks before overwriting,
# --sparse=always keeps the copy from occupying more disk than it needs.
# The database holds banned IP addresses and, presumably, matched log lines:
# keep the copy readable by root only and delete it when the test is done.
# NOTE(review): fail2ban is not stopped in this section, so a plain cp can
# catch the file mid-write -- confirm, or stop the service first / use
# sqlite3's .backup command to get a consistent snapshot.
cp -vip --sparse=always /var/lib/fail2ban/fail2ban.sqlite3 /scratch/root/fail2ban.sqlite3.sparse
# Opens an interactive sqlite3 prompt on fail2ban.sqlite3 in the current directory.
# NOTE(review): the copy above is named fail2ban.sqlite3.sparse, while the
# commands below open fail2ban.sqlite3 -- make sure they point at the copy
# and not at the live database in /var/lib/fail2ban.
sqlite3 fail2ban.sqlite3
# VACUUM rebuilds the database into a temporary file and then writes it back,
# so it needs free space of roughly the database size in the temp directory.
sqlite3 $PWD/fail2ban.sqlite3 "VACUUM ;"
# Same VACUUM, but with sqlite3's temporary files redirected to /scratch/tmp/
# via TMPDIR -- for when the default temp directory is too small.
TMPDIR=/scratch/tmp/ sqlite3 $PWD/fail2ban.sqlite3 "VACUUM ;"

Real

# Stop fail2ban so nothing writes to the database during the cleanup.
# No new bans are issued while the service is down, so keep this window short.
# NOTE(review): this section takes no backup; copy the database aside first
# (as in the Test section) so a wrong cutoff date can be undone.
systemctl stop fail2ban
cd /var/lib/fail2ban
# Open the live database interactively; the indented lines below are typed at
# the sqlite> prompt, not in the shell.
#  - SELECT COUNT(*) reports how many ban records are older than the cutoff
#    (2022-03-01, converted to epoch seconds by STRFTIME('%s', ...)).
#  - The DELETEs remove those records in batches (10000, 10000, 35000) and
#    then the remainder without LIMIT -- presumably to keep each step small.
#  - DELETE ... LIMIT is only accepted when sqlite3 was built with
#    SQLITE_ENABLE_UPDATE_DELETE_LIMIT; otherwise it is a syntax error.
# NOTE(review): fail2ban reads this table when restoring bans on start; choose
# a cutoff older than the longest bantime in use so active bans are not lost.
TMPDIR=/scratch/tmp/ sqlite3 $PWD/fail2ban.sqlite3
  SELECT COUNT(*) FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01');
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') LIMIT 10000;
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') LIMIT 10000;
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') LIMIT 35000;
  DELETE FROM bans WHERE timeofban < STRFTIME('%s','2022-03-01') ;
# DELETE normally does not shrink the file (freed pages stay allocated until
# VACUUM), so this size is the "before" value.
ls -lah fail2ban.sqlite3
# Because of &&, fail2ban is started again only if VACUUM succeeds. If VACUUM
# fails (for example the temp directory fills up), start fail2ban by hand,
# otherwise the host is left without banning.
TMPDIR=/scratch/tmp/ sqlite3 $PWD/fail2ban.sqlite3 "VACUUM ;" && systemctl start fail2ban
# "After" size; also confirm the service is active again.
ls -lah fail2ban.sqlite3
# To keep the database from growing back, review the dbpurgeage setting in
# fail2ban.conf / fail2ban.local, which controls how long ban records are kept.

Configuration

# Edit the local jail overrides.
vi /etc/fail2ban/jail.d/jail.local
# Have the running service re-read its configuration.
# A typo in jail.local can leave jails unloaded: where the installed
# fail2ban-client supports it, `fail2ban-client -t` checks the configuration
# before the reload, and `fail2ban-client status` afterwards confirms that the
# expected jails are running.
systemctl reload fail2ban

Whitelist IPs / IP Ranges

/etc/fail2ban/jail.d/jail.local
# Addresses and CIDR ranges listed here are never banned, whatever they do.
# The line must sit inside a section: [DEFAULT] to apply to every jail, or a
# single jail's section to apply only there.
# Keep the list as narrow as possible: a range such as 10.0.0.0/8 exempts every
# host in it, including a compromised internal machine or clients that reach
# the service through a VPN or NAT address in that range.
ignoreip = 127.0.0.1 10.0.0.0/8 192.168.0.0/16

Set the default bantime and maximum allowed failures, and override values for individual jails, e.g. dovecot

/etc/fail2ban/jail.d/jail.local
# Values under [DEFAULT] apply to every jail unless a jail section overrides them.
[DEFAULT]
# How long a host stays banned.
bantime = 1h
# Failures allowed before a ban; they are counted within the findtime window,
# which is not set here, so its default applies.
maxretry = 3
# Per-jail override: dovecot bans last 24h, maxretry is inherited from [DEFAULT].
# NOTE(review): this snippet does not enable the jail -- confirm that
# `enabled = true` is set for dovecot elsewhere.
[dovecot]
bantime = 24h