- Protection of Copssh against brute force attacks is enabled by default.
- Start the services win2ban_winlogbeat and win2ban_fail2ban.
Sample /var/log/fail2ban.log:
```
2018-04-05 23:54:28,411 fail2ban.server : INFO --------------------------------------------------
2018-04-05 23:54:28,411 fail2ban.server : INFO Starting Fail2ban v0.10.2
2018-04-05 23:54:28,442 fail2ban.database : INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2018-04-05 23:54:28,446 fail2ban.jail : INFO Creating new jail 'copssh'
2018-04-05 23:54:28,447 fail2ban.jail : INFO Jail 'copssh' uses poller {}
2018-04-05 23:54:28,447 fail2ban.jail : INFO Initiated 'polling' backend
2018-04-05 23:54:28,448 fail2ban.filter : INFO maxLines: 1
2018-04-05 23:54:28,467 fail2ban.server : INFO Jail copssh is not a JournalFilter instance
2018-04-05 23:54:28,468 fail2ban.filter : INFO Added logfile: '/winlogbeat/logs/eventlog' (pos = 19020, hash = c54619552ccd10f356c0810faec6cdba)
2018-04-05 23:54:28,468 fail2ban.filter : INFO maxRetry: 2
2018-04-05 23:54:28,469 fail2ban.filter : INFO encoding: UTF-8
2018-04-05 23:54:28,469 fail2ban.actions : INFO banTime: 600
2018-04-05 23:54:28,470 fail2ban.filter : INFO findtime: 600
2018-04-05 23:54:28,472 fail2ban.jail : INFO Jail 'copssh' started
2018-04-05 23:55:20,525 fail2ban.filter : INFO Found 192.168.122.13 - 2018-04-05 23:55:19
2018-04-05 23:55:23,787 fail2ban.filter : INFO Found 192.168.122.13 - 2018-04-05 23:55:22
2018-04-05 23:55:23,953 fail2ban.actions : NOTICE Ban 192.168.122.13
2018-04-05 23:58:22,875 fail2ban.actions : NOTICE Unban 192.168.122.13
2018-04-06 00:54:57,531 fail2ban.server : INFO Shutdown in progress...
2018-04-06 00:54:57,531 fail2ban.server : INFO Stopping all jails
2018-04-06 00:54:57,532 fail2ban.filter : INFO Removed logfile: '/winlogbeat/logs/eventlog'
2018-04-06 00:54:58,328 fail2ban.jail : INFO Jail 'copssh' stopped
2018-04-06 00:54:58,332 fail2ban.database : INFO Connection to database closed.
2018-04-06 00:54:58,333 fail2ban.server : INFO Exiting Fail2ban
```
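To check that the jail is actually banning, the sample log can be summarized per source address. The script below is an added example, not part of win2ban or Fail2ban; it assumes the exact line layout shown in the sample above, and the function name `summarize` and the embedded excerpt are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the sample fail2ban.log above.
SAMPLE_LOG = """\
2018-04-05 23:54:28,468 fail2ban.filter : INFO maxRetry: 2
2018-04-05 23:54:28,469 fail2ban.actions : INFO banTime: 600
2018-04-05 23:55:20,525 fail2ban.filter : INFO Found 192.168.122.13 - 2018-04-05 23:55:19
2018-04-05 23:55:23,787 fail2ban.filter : INFO Found 192.168.122.13 - 2018-04-05 23:55:22
2018-04-05 23:55:23,953 fail2ban.actions : NOTICE Ban 192.168.122.13
2018-04-05 23:58:22,875 fail2ban.actions : NOTICE Unban 192.168.122.13
"""

# timestamp,millis  fail2ban.<component> : <LEVEL> <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}\s+"
    r"fail2ban\.(?P<component>\w+)\s*:\s*(?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)
EVENT_RE = re.compile(r"^(?P<kind>Found|Ban|Unban) (?P<ip>\S+)")
SETTING_RE = re.compile(r"^(?P<key>maxRetry|banTime|findtime): (?P<val>\d+)$")


def summarize(log_text):
    """Return (jail settings, per-IP summary) parsed from fail2ban.log text."""
    settings, hosts = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a fail2ban log entry
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        s = SETTING_RE.match(m["msg"])
        if s:
            settings[s["key"]] = int(s["val"])
            continue
        e = EVENT_RE.match(m["msg"])
        if not e:
            continue
        h = hosts.setdefault(e["ip"], {"found": 0, "bans": [], "open_ban": None})
        if e["kind"] == "Found":
            h["found"] += 1
        elif e["kind"] == "Ban":
            h["open_ban"] = ts  # ban is active until a matching Unban
        elif h["open_ban"] is not None:
            # Unban: record how long the ban lasted, in whole seconds
            h["bans"].append(int((ts - h["open_ban"]).total_seconds()))
            h["open_ban"] = None
    return settings, hosts
```

A host whose `open_ban` is still set at the end of the log is currently banned, and comparing the recorded durations with `banTime` shows bans that ended before the configured time.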