View Single Post
  #4  
Old 4th August 2009, 13:19
gscott187 gscott187 is offline
Junior Member
 
Join Date: Jul 2009
Posts: 17
Thanks: 1
Thanked 5 Times in 4 Posts
Default fail2ban SSH

In CentOS 5.3 edit the file /etc/fail2ban/jail.conf for the [ssh-iptables] entry such that the line beginning with logpath... is altered to that shown in red below.

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=me@mysystem.com, sender=fail2ban@mysystem.com]
logpath = /var/log/secure
maxretry = 4


You can view /var/log/secure before you make these changes to verify that SSH attempts are logged here.

After editing jail.conf don't forget to restart fail2ban with the command:

# service fail2ban restart

If you get an OK when fail2ban starts (i.e. the process has started), test it again and see if you're blocked after maxretry attempts.
Reply With Quote