From ae3ae0b5ba7fb1b3d9eae0d2643613c60cd8f444 Mon Sep 17 00:00:00 2001 From: anoma Date: Mon, 7 Sep 2015 08:36:59 +0100 Subject: [PATCH] Revert to default FAIL2BAN findtime for SSH jail I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned. The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good. --- conf/fail2ban/jail.local | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local index 05d7e1d..682ae0d 100644 --- a/conf/fail2ban/jail.local +++ b/conf/fail2ban/jail.local @@ -4,7 +4,6 @@ [ssh] maxretry = 7 -findtime = 120 bantime = 3600 [ssh-ddos]