How to Protect SSH with Fail2ban on CentOS/RHEL 6x
About Fail2ban :
-- Fail2ban is an intrusion prevention framework that protects servers from brute-force attacks. Written in Python, it watches log files for repeated failures and runs on POSIX systems that have a locally installed packet filter or access-control mechanism it can drive, for example iptables or TCP Wrappers.
Step: 1. Install Fail2Ban :
Note: Fail2ban is not available from the stock CentOS repositories, so start by installing the EPEL repository.
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Then install Fail2ban:
# yum -y install fail2ban
Step: 2. Copy the Configuration File :
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step: 3. Configure defaults in jail.local :
# vi /etc/fail2ban/jail.local
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator. Replace x.x.0.0/16 with your own management
# network so that you cannot lock yourself out.
ignoreip = 127.0.0.1/8 x.x.0.0/16
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds.
findtime = 1800
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

[ssh-iptables]
enabled = true
filter = sshd
# Two actions: ban the address with iptables and mail a whois report. The
# second line must be indented so fail2ban reads both as one "action" value.
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=destination@mydomain.com, sender=sender@mydomain.com]
logpath = /var/log/secure
# Overrides the [DEFAULT] value of 3 for this jail only.
maxretry = 5
-- Save & Quit (:wq)
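To see what the ignoreip, findtime and maxretry settings above actually do before relying on them, here is a small Python model of the jail logic. This is an added example, not fail2ban's own code: it reads constructed /var/log/secure lines with a simplified version of the sshd failure pattern, keeps a sliding findtime window of failures per source address, skips anything covered by ignoreip, and reports which hosts would be banned. The 192.168.0.0/16 network stands in for the x.x.0.0/16 placeholder, the hostname server5 and all addresses are made up, and the year 2024 is assumed because syslog timestamps carry none.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the jail.local above; the jail's maxretry = 5 overrides the
# [DEFAULT] value of 3. 192.168.0.0/16 is a constructed stand-in for x.x.0.0/16.
IGNOREIP = ["127.0.0.1/8", "192.168.0.0/16"]
FINDTIME = 1800   # seconds
MAXRETRY = 5

# Simplified sshd "Failed password" pattern, modelled on (not copied from)
# fail2ban's filter.d/sshd.conf.
FAILREGEX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+(?:\.\d+){3}) port \d+ ssh2$"
)

# Constructed sample of /var/log/secure lines (hostname and addresses are fictional).
SAMPLE_SECURE_LOG = [
    # five fast failures from one Internet host: banned on the fifth
    "Jan 10 10:00:01 server5 sshd[2001]: Failed password for root from 203.0.113.7 port 50001 ssh2",
    "Jan 10 10:00:05 server5 sshd[2002]: Failed password for root from 203.0.113.7 port 50002 ssh2",
    "Jan 10 10:00:09 server5 sshd[2003]: Failed password for invalid user admin from 203.0.113.7 port 50003 ssh2",
    "Jan 10 10:00:13 server5 sshd[2004]: Failed password for root from 203.0.113.7 port 50004 ssh2",
    "Jan 10 10:00:17 server5 sshd[2005]: Failed password for root from 203.0.113.7 port 50005 ssh2",
    # a successful login is not a failure and is ignored by the filter
    "Jan 10 10:00:30 server5 sshd[2006]: Accepted publickey for alice from 198.51.100.9 port 50006 ssh2",
    # five failures from a LAN host covered by ignoreip: never banned
    "Jan 10 10:01:00 server5 sshd[2007]: Failed password for bob from 192.168.72.10 port 50007 ssh2",
    "Jan 10 10:01:04 server5 sshd[2008]: Failed password for bob from 192.168.72.10 port 50008 ssh2",
    "Jan 10 10:01:08 server5 sshd[2009]: Failed password for bob from 192.168.72.10 port 50009 ssh2",
    "Jan 10 10:01:12 server5 sshd[2010]: Failed password for bob from 192.168.72.10 port 50010 ssh2",
    "Jan 10 10:01:16 server5 sshd[2011]: Failed password for bob from 192.168.72.10 port 50011 ssh2",
    # five slow failures 31 minutes apart: never five inside one 30-minute findtime window
    "Jan 10 11:00:00 server5 sshd[2012]: Failed password for root from 198.51.100.4 port 50012 ssh2",
    "Jan 10 11:31:00 server5 sshd[2013]: Failed password for root from 198.51.100.4 port 50013 ssh2",
    "Jan 10 12:02:00 server5 sshd[2014]: Failed password for root from 198.51.100.4 port 50014 ssh2",
    "Jan 10 12:33:00 server5 sshd[2015]: Failed password for root from 198.51.100.4 port 50015 ssh2",
    "Jan 10 13:04:00 server5 sshd[2016]: Failed password for root from 198.51.100.4 port 50016 ssh2",
]


def parse_ts(ts, year=2024):
    """Syslog timestamps carry no year; assume one so they can be compared."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def is_ignored(ip, ignoreip=IGNOREIP):
    """True if ip falls inside any ignoreip address or CIDR block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in ignoreip)


def bans_for(log_lines, findtime=FINDTIME, maxretry=MAXRETRY, ignoreip=IGNOREIP):
    """Return {ip: time_of_ban} for every host that reaches maxretry failures
    within findtime seconds, mirroring how a fail2ban jail counts them."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_lines:
        m = FAILREGEX.search(line)
        if not m:
            continue                      # not a failure line: the filter ignores it
        ip, ts = m.group("ip"), parse_ts(m.group("ts"))
        if ip in banned or is_ignored(ip, ignoreip):
            continue
        window = recent[ip]
        window.append(ts)
        # forget failures older than findtime relative to this one
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for ip, when in bans_for(SAMPLE_SECURE_LOG).items():
        print(f"{ip} would be banned at {when:%b %d %H:%M:%S} for 3600 seconds")
```

Run as-is it reports only 203.0.113.7, banned on its fifth failure at 10:00:17; the LAN host is protected by ignoreip and the slow host never accumulates five failures inside one 30-minute window, so both stay unbanned. Lowering maxretry to 3 or widening findtime changes the outcome, which is the quickest way to reason about the values you pick for jail.local. On the real server the equivalent checks are `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf`, which confirms the sshd filter matches your log format, and `fail2ban-client status ssh-iptables` after Step 4, which lists the currently banned addresses.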
Step: 4. Restart Fail2Ban :
# service fail2ban restart
# chkconfig fail2ban on
Step: 5. Change Mail Subject :
# vi /etc/fail2ban/action.d/sendmail-whois.conf
# Only the three entries below change; leave the rest of the file as it is.
# Continuation lines of each multi-line value must stay indented, otherwise
# fail2ban treats them as new options.
actionstart = printf %%b "Subject: [FAIL2BAN] <name>: started on Server5.mydomain.com
              Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
              From: My Organization <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              My Organization" | /usr/sbin/sendmail -f <sender> <dest>
actionstop = printf %%b "Subject: [FAIL2BAN] <name>: stopped on Server5.mydomain.com
             Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
             From: My Organization <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             My Organization" | /usr/sbin/sendmail -f <sender> <dest>
# The ban duration quoted in the mail body is plain text: keep it in step with
# "bantime" in jail.local (3600 seconds = 60 minutes above).
actionban = printf %%b "Subject: [FAIL2BAN] <name>: banned <ip> on Server5.mydomain.com (192.168.72.142)
            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
            From: My Organization <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned on Server5.mydomain.com (192.168.72.142) for 60 minutes by My Organization after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip> (http://www.whatismyipaddress.com/ip/<ip>):\n
            `/usr/bin/whois <ip>`\n
            Regards,\n
            My Organization" | /usr/sbin/sendmail -f <sender> <dest>
-- Save & Quit (:wq)
Step: 6. Restart Fail2Ban Service :
# service fail2ban restart