About Fail2ban :
-- Fail2ban is an intrusion prevention software framework that protects Servers from Brute-force Attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.
Step: 1. Install Fail2Ban :
Note: Fail2ban is not Available from
CentOS, we should start by downloading the
EPEL Repository.
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Follow up by Installing Fail2ban :
# yum -y install fail2ban
Step: 2. Copy the Configuration File :
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step: 3. Configure defaults in Jail.Local :
# vi /etc/fail2ban/jail.local
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 x.x.0.0/16
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 1800
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=destinaton@mydomain.com, sender=sender@mydomain.com]
logpath = /var/log/secure
maxretry = 5
-- Save & Quit (:wq)
Step: 4. Restart Fail2Ban :
# service fail2ban restart
# chkconfig fail2ban on
Step: 5. Change Mail Subject :
# vi /etc/fail2ban/action.d/sendmail-whois.conf
actionstart = printf %%b "Subject: [FAIL2BAN] <name>: started on Server5.mydomain.com
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: My Organization <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been started successfully.\n
Regards,\n
My Organization" | /usr/sbin/sendmail -f <sender> <dest>
actionstop = printf %%b "Subject: [FAIL2BAN] <name>: stopped on Server5.mydomain.com
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: My Organization <<sender>>
To: <dest>\n
Hi,\n
The jail <name> has been stopped.\n
Regards,\n
My Organization" | /usr/sbin/sendmail -f <sender> <dest>
actionban = printf %%b "Subject: [FAIL2BAN] <name>: banned <ip> on Server5.mydomain.com (192.168.72.142)
Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
From: My Organization <<sender>>
To: <dest>\n
Hi,\n
The IP <ip> has just been banned on Server2.mydomain.com (192.168.72.142) for 30 Minutes by My Organization after
<failures> attempts against <name>.\n\n
Here are more information about http://www.whatismyipaddress.com/ip/<ip> \n
# `/usr/bin/whois <ip>`\n
Regards,\n
My Organization" | /usr/sbin/sendmail -f <sender> <dest>
-- Save & Quit (:wq)
Step: 6. Restart Fail2Ban Service :
# service fail2ban restart
Thanks For Visiting on My Blog, For More Tutorials Keep Visiting
My Blog