14 Mar

fail2ban setup on Centos

fail2ban is a simple daemon (written in Python, BTW) which monitors your Linux server logs and is able to prevent bruteforce attacks by adding bad IP addresses to iptables. This is a simple self reminder on how to setup it.

yum install fail2ban
vim /etc/fail2ban/jail.conf

If you want fail2ban to only notify you  (and not add them to iptables) modify the configuratio files this way:

action = sendmail-whois[name=SSH, [email protected], [email protected]]

It would be wise to add your IP addresses to be ignored:

ignoreip = 127.0.0.1/8

Start:

service fail2ban start

Enable auto start:

chkconfig fail2ban on

Now if somebody tries to brueforce your SSH you’ll get a mail.



Leave a Reply

Your email address will not be published. Required fields are marked *