4th August 2009, 14:41
rlischer

Originally Posted by gscott187
In CentOS 5.3 edit the file /etc/fail2ban/jail.conf for the [ssh-iptables] entry such that the line beginning with logpath... is altered to that shown in red below.

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 4

You can view /var/log/secure before you make these changes to verify that SSH attempts are logged here.

After editing jail.conf don't forget to restart fail2ban with the command:

# service fail2ban restart

If you get an OK when fail2ban starts (i.e. the process has started), test it again and see if you're blocked after maxretry attempts.

Thanks! I changed the config, restarted fail2ban. I did verify that /var/log/secure had information in it. I tried to hack in as root with bad passwords, but it keeps letting me try.

The log says I was banned, but it lies:
The IP has just been banned by Fail2Ban after
attempts against .\n\n
Here are more information about :\n
`/usr/bin/whois `\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-04 07:38:10,866 fail2ban.actions.action: INFO Set actionStop = printf %b "Subject: [Fail2Ban] : stopped
From: Fail2Ban <>
To: \n
The jail has been stopped.\n
Fail2Ban" | /usr/sbin/sendmail -f 
2009-08-04 07:38:10,869 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] : started
From: Fail2Ban <>
To: \n
The jail has been started successfully.\n
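A log-triage sketch for the kind of log pasted in this thread, added here as an example and not code from the thread or from the Fail2Ban project: it separates `Set action... =` records (action command templates written to the log, together with their untimestamped continuation lines) from actual `Ban`/`Unban` events. The event line format and the sample log are assumptions, constructed in the fail2ban 0.8 style; adjust the patterns to the lines in your own fail2ban log.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed 0.8-style format; IPs are documentation addresses).
SAMPLE_LOG = """\
2009-08-04 07:38:10,860 fail2ban.actions.action: INFO Set actionBan = printf %b "Subject: [Fail2Ban] banned
The IP has just been banned by Fail2Ban after
attempts against ssh.\\n
Fail2Ban" | /usr/sbin/sendmail -f fail2ban
2009-08-04 07:38:10,869 fail2ban.actions.action: INFO Set actionStart = printf %b "Subject: [Fail2Ban] started
The jail has been started successfully.\\n
2009-08-04 07:41:02,114 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.10
2009-08-04 07:51:02,530 fail2ban.actions: WARNING [ssh-iptables] Unban 192.0.2.10
2009-08-04 07:52:40,007 fail2ban.actions: WARNING [ssh-iptables] Ban 198.51.100.7
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
EVENT = re.compile(r"fail2ban\.actions: \w+ \[(?P<jail>[^\]]+)\] (?P<verb>Ban|Unban) (?P<ip>\S+)$")
TEMPLATE = re.compile(r"fail2ban\.actions\.action: \w+ Set (?P<name>action\w+) = ")


def records(text):
    """Group lines into records: a line without a timestamp continues the previous record."""
    current = []
    for line in text.splitlines():
        if STAMP.match(line) and current:
            yield current
            current = []
        current.append(line)
    if current:
        yield current


def triage(text):
    """Return (template names loaded, {jail: set of IPs banned and not yet unbanned})."""
    templates, banned = [], defaultdict(set)
    for rec in records(text):
        tmpl = TEMPLATE.search(rec[0])
        event = EVENT.search(rec[0])
        if tmpl:
            templates.append(tmpl.group("name"))  # continuation lines are template text, not events
        elif event and event.group("verb") == "Ban":
            banned[event.group("jail")].add(event.group("ip"))
        elif event:
            banned[event.group("jail")].discard(event.group("ip"))
    return templates, dict(banned)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty result for a jail means the log contains no ban event for it, whatever the template text says about an IP having been banned.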