this post was submitted on 14 Aug 2023
463 points (96.2% liked)
Selfhosted
60366 readers
957 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Honestly the default config is good enough to prevent brute force attacks on ssh. Just installing it and forgetting about it is a definite option.
I think the default block time is 10 minutes after 5 failed login attempts in 10 minutes. Not enough to ever be in your way but enough to fustrate any automated attacks. And it's got default config for a ton of services by default. Check your /etc/fail2ban/jail.conf for an overview.
I see that a recidive filter that bans repeat offenders for a week after 10 fail2ban bans in one day is also default now. So I'd say that the results are perfect unless you have some exotic or own service you need fail2ban for.