From f71bdbf59381c9acd30cfccc2a25d2786fab1e2c Mon Sep 17 00:00:00 2001 From: Asif Bacchus Date: Tue, 21 May 2019 07:06:30 -0600 Subject: [PATCH] Update page '7. Jails' --- 7.-Jails.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/7.-Jails.md b/7.-Jails.md index 139553d..1517f1e 100644 --- a/7.-Jails.md +++ b/7.-Jails.md @@ -2,7 +2,7 @@ F2B uses '*jail configurations*' specified either in *jail.conf*, *jail.local* or in */jail.d/\*.conf*. The latter is my preference since it allows for each jail to be contained in it's own configuration file which makes debugging and maintaining them much easier. These are two that are configured in this repo. The recidivist jail has it's [own page](insert link here). -## sshd (jail.d/ssh.conf) +## sshd (*jail.d/ssh.conf*) I usually just define a basic jail for *sshd* which is the default SSH server on Debian/Ubuntu. You can add additional SSH jails as you wish to this file, but I keep it pretty simple. One note, I run my SSH server on a non-standard port (default is port 22), so be sure you fill in the correct port for your environment such as my example below of port 222: @@ -21,7 +21,7 @@ logpath = /path/to/your/log.file ... ``` -## UFW port probing +## UFW port probing (*jail.d/ufw-probe.conf*) This is probably the part you are really looking for in this entire set-up. We will create a custom jail that monitors UFW's logs for any mention of *[UFW BLOCK]* and then proceeds to ban those systems attempting to connect to blocked ports as per your timeframe settings. I've commented the ufw-probe file but I'll run though it here also for convenience.
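Review bot: the context line just above the changed sshd heading still carries the placeholder link "[own page](insert link here)", so the recidivist reference renders as a dead link; since this commit already touches the page, fill in the real target or drop the link markup until the page exists. The same paragraph has "it's own" twice where "its own" is meant, and it writes the directory as "/jail.d/\*.conf" with a leading slash while the new heading uses "jail.d/ssh.conf" without one; pick one form so readers do not take the first as an absolute path.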
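Review bot: in the second hunk, the paragraph under the new "UFW port probing (*jail.d/ufw-probe.conf*)" heading says the jail bans on "any mention of *[UFW BLOCK]*" but gives no hint about keeping your own management addresses out of it, which matters on a page that also describes SSH on a non-standard port; a sentence pointing readers to fail2ban's ignoreip setting before they enable this jail would help. The same line has "run though it" where "run through it" is meant. Wrapping the filenames in headings in italics is consistent with the rest of the page, so that part is fine.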