I am using GL-AXT1800 with the latest official firmware. I see that fail2ban is activated, but it seems no jail is active:
root@GL-AXT1800:/tmp/log# fail2ban-client status
|- Number of jail: 0
`- Jail list:
How can I activate fail2ban for SSH failed logins?
To set up fail2ban on GL-AXT1800, you can follow these steps:
Open the configuration file for fail2ban:
/etc/fail2ban/jail.conf. You can use this file as a reference to configure fail2ban on your GL-AXT1800.
One important configuration setting is for the
[dropbear] section. In this section, you can specify the following options:
enabled: set this to
true to enable the fail2ban rule for dropbear.
port: specify the port where dropbear is running.
filter: specify the filter to use for dropbear.
logpath: specify the path to the log file where dropbear logs are written.
maxretry: specify the maximum number of retries before fail2ban blocks the IP address.
bantime: specify the duration of the ban in seconds.
Here is an example configuration:
enabled = true
port = ssh
filter = dropbear
logpath = /var/log/messages
maxretry = 3
bantime = 3600
To allow fail2ban to observe the log file, you need to prepare the log file first. Run this command:
logread -f > /var/log/messages &
This command will start the
logread process and redirect its output to
& at the end of the command will run the command in the background, so you can continue using the terminal.
Without this command, fail2ban server will crash because it won’t have access to the log file.
It seems the jail is working. Last question:
After a reboot of the router, will fail2ban still be executed? I have enabled an automatic reboot every night.
Also, better to set the log to file /var/log/message in Luci instead of the command line.