14 Mar

fail2ban setup on CentOS

fail2ban is a simple daemon (written in Python, BTW) that monitors your Linux server logs and can prevent brute-force attacks by adding bad IP addresses to iptables. This is a simple reminder to myself on how to set it up.

yum install fail2ban
vim /etc/fail2ban/jail.conf

If you want fail2ban to only notify you (and not add the addresses to iptables), modify the configuration this way, replacing the example.com placeholder addresses with your own:

action = sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]

It would be wise to add your IP addresses to be ignored:

ignoreip = 127.0.0.1/8

Start:

service fail2ban start

Enable auto start:

chkconfig fail2ban on

Now if somebody tries to brute-force your SSH, you’ll get a mail.
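
To see what the SSH jail and the ignoreip setting above do with a log, here is a simplified sketch added for illustration; it is not fail2ban's own code and not part of the original post. The log lines are constructed, and the maxretry, findtime and year values are assumptions (maxretry and findtime are fail2ban option names).

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the /var/log/secure format sshd writes on CentOS.
SAMPLE_LOG = """\
Mar 14 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 14 10:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Mar 14 10:00:04 host sshd[1003]: Failed password for root from 127.0.0.1 port 40003 ssh2
Mar 14 10:00:05 host sshd[1004]: Failed password for root from 127.0.0.1 port 40004 ssh2
Mar 14 10:00:06 host sshd[1005]: Failed password for root from 127.0.0.1 port 40005 ssh2
Mar 14 10:00:09 host sshd[1006]: Failed password for root from 203.0.113.7 port 40006 ssh2
Mar 14 10:01:00 host sshd[1007]: Accepted password for alice from 198.51.100.20 port 40007 ssh2
Mar 14 10:02:00 host sshd[1008]: Failed password for bob from 198.51.100.9 port 40008 ssh2
Mar 14 10:30:00 host sshd[1009]: Failed password for bob from 198.51.100.9 port 40009 ssh2
Mar 14 11:30:00 host sshd[1010]: Failed password for bob from 198.51.100.9 port 40010 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) "
)

def flagged_ips(log_text, ignoreip=("127.0.0.1/8",), maxretry=3, findtime=600, year=2024):
    """Return IPs with >= maxretry failures inside findtime seconds, skipping ignoreip."""
    # strict=False accepts "127.0.0.1/8" (host bits set), as written in jail.conf.
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not failures
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored):
            continue  # the ignoreip list: never notify or ban for these
        window = recent[ip]
        window.append(when)
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()  # drop failures older than the findtime window
        if len(window) >= maxretry and str(ip) not in flagged:
            flagged.append(str(ip))  # the point where the jail's action would fire
    return flagged

if __name__ == "__main__":
    print(flagged_ips(SAMPLE_LOG))
```

With an empty ignoreip, the three failures from 127.0.0.1 are flagged as well, which is why your own addresses belong on that list.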