
Fail2ban 0.8.8 configuration to block SSH bruteforce on CENTOS


Okay, so I'm relatively new to fail2ban and after installing fail2ban from the source tar.gz files, I noticed that the /etc/fail2ban/jail.conf settings for blocking ssh looked a bit odd concerning the "log" file it was supposed to scan. By default, the configuration looks at the /var/log/sshd.log file, which does not exist in CENTOS 5, so after some research, I found out that the log file should be set as /var/log/secure. The clause should look like the following:

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=risharde@gmail.com, sender=fail2ban@dev.risharde.com]
logpath = /var/log/secure
maxretry = 5

In the above, please replace my email address with your email information...
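
A jail whose logpath points at a file that does not exist never sees a failed login, so it is worth checking every enabled jail the same way. The script below is an added example, not part of the original post or of fail2ban itself; the jail name ssh-default, the example.com addresses and the temporary paths in the sample are constructed for illustration.

```python
import configparser
import glob
import os
import tempfile

# Constructed sample jail.conf; jail "ssh-default" and the addresses are made up.
SAMPLE = """
[DEFAULT]
maxretry = 5

[ssh-default]
enabled = true
filter = sshd
logpath = {d}/sshd.log

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=admin@example.com, sender=fail2ban@example.com]
logpath = {d}/secure
"""

def missing_logpaths(jail_conf_text):
    """Map each enabled jail to the logpath patterns that match no file."""
    # Raw parser: jail.conf values may contain %(...)s that we do not expand.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(jail_conf_text)
    problems = {}
    for jail in cp.sections():
        if not (cp.has_option(jail, "enabled") and cp.has_option(jail, "logpath")):
            continue
        try:
            if not cp.getboolean(jail, "enabled"):
                continue
        except ValueError:
            continue  # unparseable "enabled" value: treat as disabled
        # logpath may list several paths and may use shell-style globs
        missing = [p for p in cp.get(jail, "logpath").split() if not glob.glob(p)]
        if missing:
            problems[jail] = missing
    return problems

def demo():
    """Run the check against a temp dir that contains only a 'secure' log."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "secure"), "w").close()
        return missing_logpaths(SAMPLE.format(d=d))

if __name__ == "__main__":
    for jail, paths in demo().items():
        print(f"{jail}: no file matches {', '.join(paths)}")
```

To check a real host, pass the contents of /etc/fail2ban/jail.conf to missing_logpaths(); the script reads only the text it is given, so overrides kept in other files are not taken into account.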

Good luck!
