proofreading

This commit is contained in:
Asif Bacchus 2019-05-21 07:49:50 -06:00
parent c28f141312
commit 7bd38a8bad

View File

@ -11,27 +11,19 @@
## Overview ## Overview
This is a basic set up for Fail2Ban on an system that is directly exposed to the This is a basic set up for Fail2Ban on an system that is directly exposed to the internet (i.e. not behind a separate firewall).
internet (i.e. not behind a separate firewall).
**This set-up assumes you are using UFW as your firewall front-end and it is **This set-up assumes you are using UFW as your firewall front-end and it is working correctly.**
working correctly.**
In addition to the standard SSHd jail, a separate jail that monitors UFW BLOCK In addition to the standard SSHd jail, a separate jail that monitors UFW BLOCK reports (i.e. connection attempts to closed ports, etc.) is activated. This should aid in blocking 'script-kiddies' and port-scanning attacks, reducing the resources your server has to allocate to processing bogus requests. F2B will automatically create UFW rules to drop connections from systems that try to make repeated invalid connection attempts and then remove the block automatically after the 'bantime' has expired. A special jail is also created for repeat offenders with much longer bantimes as an option.
reports (i.e. connection attempts to closed ports, etc.) is activated. This
should aid in blocking 'script-kiddies' and port-scanning attacks, reducing the
resources your server has to allocate to processing bogus requests. F2B will
automatically create UFW rules to drop connections from systems that try to make
repeated invalid connection attempts and then remove the block automatically
after the 'bantime' has expired. A special jail is also created for repeat offenders with much longer bantimes as an option.
## Documentation ## Documentation
Please consult the wiki for this repo for detailed instructions, explanations and reasoning behind every customization that is included in the configuration files in this repo. For a quick-start, just use this readme. More details can also be found on [my blog](https://mytechiethoughts.com). Also, all the configuration files are commented so you can just read those if you're already familiar with how F2B works. Please consult the [wiki for this repo](https://git.asifbacchus.app/asif/fail2banUFW/wiki) for detailed instructions, explanations and reasoning behind every customization that is included in the configuration files in this repo. For a quick-start, just use this readme. More details can also be found on [my blog](https://mytechiethoughts.com). Also, all the configuration files are commented so you can just read those if you're already familiar with how F2B works.
## Getting set up ## Getting set up
If you need help getting Fail2Ban installed before using this repo to customize it, please see [this wiki post](https://git.asifbacchus.app/asif/fail2banUFW/wiki/02.-Installing-Fail2Ban) If you need help getting Fail2Ban installed before using this repo to customize it, please see [this wiki post](https://git.asifbacchus.app/asif/fail2banUFW/wiki/02.-Installing-Fail2Ban).
Setup is very simple, especially using the included convenience script which will take care of backing up your existing configuration and copying customized files to the proper locations for you. Setup is very simple, especially using the included convenience script which will take care of backing up your existing configuration and copying customized files to the proper locations for you.
@ -48,7 +40,7 @@ Setup is very simple, especially using the included convenience script which wil
sudo ./f2b-config.sh sudo ./f2b-config.sh
``` ```
If you're fail2ban configuration files are located somewhere other than */etc/fail2ban/* then you can pass that location to the script as a parameter. Let's assume */opt/fail2ban/* for this example (trailing slash is optional): If your fail2ban configuration files are located somewhere other than */etc/fail2ban/* then you can pass that location to the script as a parameter. Let's assume */opt/fail2ban/* for this example (trailing slash is optional):
```bash ```bash
./f2b-config.sh /opt/fail2ban/ ./f2b-config.sh /opt/fail2ban/