Jump to navigation

win2ban

How can I verify if a ban rule is in effect for a specific jail ?

Initiate win2ban-shell at the root of the installation directory and issue the command below (example jail win2ban-network-logon):

$ fail2ban-client status win2ban-network-logon

Status for the jail: win2ban-network-logon

|- Filter

Read more about How can I verify if a ban rule is in effect for a specific jail ?

How can I unban IP-address(es) manually

Initiate win2ban-shell at the root of the installation directory

Command to unban specific addresses:

fail2ban-client unban ip-address ip-address ...

Command to unban all IP-addresses:

fail2ban-client unban --all

Read more about How can I unban IP-address(es) manually

How can I configure Win2ban for brute force attacks against Copssh ?

Protecting Copssh against brute force attacks is enabled as default.

Start services win2ban_winlogbeat and win2ban_fail2ban

Sample /var/log/fail2ban.log:

Read more about How can I configure Win2ban for brute force attacks against Copssh ?

How can I configure Win2ban for Windows Remote desktop/Network logons?

Protecting RDP/Network logins against brute force attacks is enabled as default.

Start services win2ban_winlogbeat and win2ban_fail2ban

Sample /var/log/fail2ban.log:

Read more about How can I configure Win2ban for Windows Remote desktop/Network logons?

How to handle large log files effectively ?

Try to append the option tail to the logpath parameter of your jail definition. Win2ban will then start to read from the end of the file instead of from the beginnning. Visit Fail2ban man page https://www.systutorials.com/docs/linux/man/5-jail.conf and search for tail for more information.

Read more about How to handle large log files effectively ?

Release news

2024-12-28 Win2ban 2.0.5

2024-11-25 Copssh client 8.0.0

2024-11-17 Logwot8 3.2.1

2024-11-17 Wrbldnsd 5.0.2