Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: Protect SSH with Fail2ban  (Read 3374 times)

0 Members and 1 Guest are viewing this topic.

rohitj

  • Guest
Protect SSH with Fail2ban
« on: November 23, 2013, 05:42:14 pm »
Protect SSH with Fail2ban


Fail2ban is a daemon that will scan log files and bans IPs that show the malicious activities.

Install Fail2ban

Ubuntu/Debain

Execute the following command

--------
apt-get install fail2ban
--------

Centos

As fail2ban is not available from CentOS, we should start by downloading the EPEL repository:

----------
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# yum install fail2ban
----------

Once the installation is completed, open the config file and modify it according to your requirement.

# vim /etc/fail2ban/jail.conf

You may see a lot of options in the config file. For example, if you wish to enable ssh log monitoring just search for something like below.

[ssh]

enabled  = false
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3


Change the enabled section from false to true.

In the similar way, you can enable all other services as well.

To receive email alerts from fail2ban regarding the ip’s that are blocked on server, you need to follow the steps below.

destemail = root@localhost

Change the root@localhost to the email address that you wish to set.