Admin-Ahead Community

Linux => Server Security & Hardening => Topic started by: rohitj on November 23, 2013, 05:42:14 pm

Title: Protect SSH with Fail2ban
Post by: rohitj on November 23, 2013, 05:42:14 pm

Fail2ban is a daemon that scans log files and bans IPs that show malicious activity.

Install Fail2ban

Ubuntu/Debian

Execute the following command:

--------
apt-get install fail2ban
--------

CentOS

As fail2ban is not available from the CentOS repositories, we should start by downloading the EPEL repository:

----------
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# yum install fail2ban
----------

Once the installation is complete, open the config file and modify it according to your requirements.

----------
# vim /etc/fail2ban/jail.conf
----------

You will see a lot of options in the config file. For example, if you wish to enable SSH log monitoring, search for a section like the one below.

----------
[ssh]

enabled  = false
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
----------


Change the value of enabled from false to true.

In a similar way, you can enable all other services as well.

To receive email alerts from fail2ban regarding the IPs that are blocked on the server, follow the steps below.

----------
destemail = root@localhost
----------

Change root@localhost to the email address that you wish to use.
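
How the maxretry value in the [ssh] jail turns lines from /var/log/auth.log into a ban decision, as an added example that is not part of the original post and is not fail2ban's own code. The regular expression is a simplified stand-in for the sshd filter, the log lines are constructed, and the findtime window (a fail2ban option that does not appear in the post) is set to an assumed 600 seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter: matches failed password lines only.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
)

# Constructed sample lines in auth.log format (documentation IP ranges).
SAMPLE_LOG = """\
Nov 23 17:40:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Nov 23 17:40:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Nov 23 17:40:04 web1 sshd[2110]: Failed password for invalid user admin from 198.51.100.20 port 40022 ssh2
Nov 23 17:40:06 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51130 ssh2
Nov 23 17:41:10 web1 sshd[2120]: Accepted password for deploy from 192.0.2.15 port 50210 ssh2
Nov 23 17:55:30 web1 sshd[2190]: Failed password for admin from 198.51.100.20 port 40100 ssh2
Nov 23 17:55:31 web1 sshd[2190]: Failed password for admin from 198.51.100.20 port 40100 ssh2
"""

def banned_ips(log_text, maxretry=3, findtime=600, year=2013):
    """Return IPs with at least `maxretry` failures inside `findtime` seconds, in ban order."""
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps omit the year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["ip"]]
        recent.append(ts)
        while ts - recent[0] > window:  # drop failures older than findtime
            recent.popleft()
        if len(recent) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print(banned_ips(SAMPLE_LOG))
```

The second address has three failures in the sample, but they are spread over more than ten minutes, so it is only banned when the window is widened.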