View Single Post
Old 4th August 2009, 14:19
gscott187 gscott187 is offline
Junior Member
Join Date: Jul 2009
Posts: 17
Thanks: 1
Thanked 5 Times in 4 Posts
Default fail2ban SSH

In CentOS 5.3 edit the file /etc/fail2ban/jail.conf for the [ssh-iptables] entry such that the line beginning with logpath... is altered to that shown in red below.

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 4

You can view /var/log/secure before you make these changes to verify that SSH attempts are logged here.

After editing jail.conf don't forget to restart fail2ban with the command:

# service fail2ban restart

If you get an OK when fail2ban starts (i.e. the process has started), test it again and see if you're blocked after maxretry attempts.
Reply With Quote