From 42d657eb54e9f020add7dec30e0f93d59d146a67 Mon Sep 17 00:00:00 2001
From: anoma
Date: Mon, 7 Sep 2015 08:28:54 +0100
Subject: [PATCH 1/2] Unnecessary config item, inherited from default jail.conf

---
 conf/fail2ban/jail.local | 1 -
 1 file changed, 1 deletion(-)

diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local
index 8ba5ad0f..05d7e1d1 100644
--- a/conf/fail2ban/jail.local
+++ b/conf/fail2ban/jail.local
@@ -3,7 +3,6 @@
 # JAILS
 
 [ssh]
-enabled = true
 maxretry = 7
 findtime = 120
 bantime = 3600
From ae3ae0b5ba7fb1b3d9eae0d2643613c60cd8f444 Mon Sep 17 00:00:00 2001
From: anoma
Date: Mon, 7 Sep 2015 08:36:59 +0100
Subject: [PATCH 2/2] Revert to default FAIL2BAN findtime for SSH jail

I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned. The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good.
---
 conf/fail2ban/jail.local | 1 -
 1 file changed, 1 deletion(-)

diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local
index 05d7e1d1..682ae0d8 100644
--- a/conf/fail2ban/jail.local
+++ b/conf/fail2ban/jail.local
@@ -4,7 +4,6 @@
 
 [ssh]
 maxretry = 7
-findtime = 120
 bantime = 3600
 
 [ssh-ddos]
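Review bot: Dropping `enabled = true` from `[ssh]` in PATCH 1/2 makes the SSH jail's activation depend on whatever `jail.conf` the installed fail2ban package ships, so a packaged default that differs (the jail disabled, or defined under another name) would leave SSH brute-force banning off without any error. The `findtime` removal in PATCH 2/2 has the same shape: the 600 s window the commit message relies on becomes an inherited value that this file no longer pins. I would keep both explicit, `enabled = true` and `findtime = 600`, or at least add a comment above `[ssh]` such as `# enabled and findtime (600s) are inherited from the packaged jail.conf`. Either way, it is worth checking after deployment with `fail2ban-client status ssh` that the jail is actually loaded.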