Upon enabling ssh-ddos jail in Fail2ban jail.local you may have the following errors:
Jail ‘sshd-ddos’ skipped, because of wrong configuration: Unable to read the filter ‘sshd-ddos’
and
Found no accessible config files for ‘filter.d/sshd-ddos’
The reason is that [sshd-ddos] jail in fact is served by sshd.conf.
|
1 2 |
filter = sshd |
under [sshd-ddos] section.
Thus the renewed section should look like this:
|
1 2 3 4 5 6 7 8 |
[sshd-ddos] filter = sshd # This jail corresponds to the standard configuration in Fail2ban. # The mail-whois action send a notification e-mail with a whois request # in the body. port = ssh logpath = %(sshd_log)s enabled = true |
Please note the comment under [sshd-ddos] directive that explains the difference:
#This jail corresponds to the standard configuration in Fail2ban.
#The mail-whois action send a notification e-mail with a whois request in the body.
