You are here

Fail2ban 0.8.8 configuration to block SSH bruteforce on CENTOS

Okay, so I'm relatively new to fail2ban and after installing fail2ban from the source tar.gz files, I noticed the that the /etc/fail2ban/jail.conf settings for blocking ssh looked a bit odd concerning the "log" file it was suppose to scan. By default, the configuration looks at the /var/log/sshd.log file which does not exist in CENTOS 5 so after some research, I found out that the log file should be set as /var/log/secure . The clause should look like the following:

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=risharde@gmail.com, sender=fail2ban@dev.risharde.com]
logpath = /var/log/secure
maxretry = 5

In the above, please replace my email address with your email information...

Good luck!