Protect SSH with Fail2ban
Fail2ban is a daemon that scans log files and bans IPs that show malicious activity.
Install Fail2ban
Ubuntu/Debian
Execute the following command:
--------
apt-get install fail2ban
--------
CentOS
As fail2ban is not available from the CentOS repositories, we should start by downloading the EPEL repository:
----------
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# yum install fail2ban
----------
Once the installation is completed, open the config file and modify it according to your requirements.
# vim /etc/fail2ban/jail.conf
You will see a lot of options in the config file. For example, if you wish to enable SSH log monitoring, search for a section like the one below.
[ssh]
enabled = false
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Change the enabled value from false to true.
In a similar way, you can enable the other services as well.
To receive email alerts from fail2ban regarding the IPs that are blocked on the server, follow the steps below.
destemail = root@localhost
Change root@localhost to the email address that you wish to set.