Hi, I need some help on understanding how to implement Fail2Ban with ipfw(8).
I have Fail2Ban installed and have set up ipfw(8).
I have Apache, Postfix, Dovecot, MySQL, SSH / sftp running on my server.
With ipfw I have MySQL and SSH / sftp set to permit IP addresses from my networks only.
For Apache I have separate logs for each domain, and currently there are only 2 domains I use.
I don't know where Dovecot and Postfix log the login details or failures. I do know /var/log/mail.log, which normally shows errors. I don't know if the login failures are logged there. I installed both using the default paths.
For Apache, do I need to use Fail2Ban, or can I write code to ban IPs based on failed logins to my websites? What is Fail2Ban looking for in the Apache logs? Can it detect a potential DDoS or DoS attack?
I need some guidance since this is my first time using UNIX firewalls and first time using Fail2Ban. I need to secure my servers after about 10 failed attempts were detected to hack my servers. It came from a hacker in the U.S. and on top of that had lots of traffic coming from China.
I don't want to make a mistake configuring Fail2Ban.
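The following is an added example, not part of the forum post above and not code from the Fail2Ban project. It models what Fail2Ban actually does with an Apache log: a filter's `failregex` is applied to every line, the client IP is captured (Fail2Ban's `<HOST>`), and an IP is banned once it produces `maxretry` matches within `findtime` seconds; the ban itself is handed to an action, and with ipfw the usual approach is a lookup table referenced by a single deny rule. The regex, the log lines (RFC 5737 addresses), the `findtime`/`maxretry` values and the table number are all constructed for this example, and nothing here executes a firewall command; the ban commands are only returned as strings.

```python
"""Simplified model of Fail2Ban's failregex + findtime + maxretry logic over
Apache access-log lines, with ipfw table commands built (not run) for bans.
Added illustration; not the poster's code and not Fail2Ban's own code."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Apache combined-format log lines (sample data, not real traffic).
# 203.0.113.7 fails five logins in 19 seconds; 198.51.100.4 fails twice, an hour apart.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2023:13:55:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:12 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:20 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2023:14:30:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:15:30:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
"""

# Hypothetical failregex equivalent: any request answered with HTTP 401
# (authentication failure). The named group `host` plays the role of <HOST>.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" 401 '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_bans(log_text, maxretry=5, findtime=600):
    """Return {ip: time_of_ban} for every IP that reaches `maxretry` failures
    within a sliding window of `findtime` seconds (Fail2Ban's defaults are
    5 retries and 10 minutes). Failures older than the window are forgotten,
    so slow, spread-out failures never add up to a ban."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    banned = {}
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue  # line does not match the filter: ignored, like Fail2Ban
        ip = m.group("host")
        if ip in banned:
            continue  # already banned during this pass
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # expire failures outside findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def ipfw_ban_commands(banned, table=1):
    """Build the ipfw lookup-table commands a ban action would issue.
    Assumes a rule such as `deny ip from table(1) to any` is already in the
    ruleset so that adding an address to the table blocks it. Strings only;
    nothing is executed here."""
    return [f"ipfw table {table} add {ip}" for ip in sorted(banned)]


if __name__ == "__main__":
    for cmd in ipfw_ban_commands(find_bans(SAMPLE_ACCESS_LOG)):
        print(cmd)
```

Running it with the defaults bans only 203.0.113.7; 198.51.100.4's two failures are an hour apart and fall outside the 10-minute window, which is the point of `findtime`. Since the counting is strictly per source IP on lines a regex matched, this mechanism limits brute-force attempts from individual addresses; it is not a defence against a distributed flood spread over many addresses, where each source stays under `maxretry`.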