So, I was figuring, because of all the brute force attacks on my servers that I would bother to install fail2ban. Something even better than this would be to change the port your SSH runs on..<\/p>\n
Step 1. Install Fail2ban
\nUbuntu and Debian Systems<\/p>\n
\r\napt-get install fail2ban\r\n<\/pre>\nRedhat, Fedora and CentOS based Systems<\/p>\n
\r\nyum install fail2ban\r\n<\/pre>\nStep 2. Copy the reference config file and edit it in Vi (or nano)<\/p>\n
\r\ncp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\r\nvi \/etc\/fail2ban\/jail.local\r\n<\/pre>\nStep 3. Configure bantime (default 600seconds), and the max_retry (3 attempts).
\nIf someone tries to connect 3 times or more with the wrong password, they’ll be added to IPTABLES DROP rule for 600 seconds <\/italic><\/p>\n \r\n# \"bantime\" is the number of seconds that a host is banned.\r\nbantime = 600\r\n\r\nmaxretry = 3\r\n\r\n<\/pre>\nBy default fail2ban starts banning people on SSH immediately, but I found it was also possible to configure fail2ban to block ip addresses attempting to brute force hack my email accounts, here is how I did it.<\/p>\n
\r\n[sasl]\r\n\r\nenabled = false\r\nport = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s\r\nfilter = postfix-sasl\r\n# You might consider monitoring \/var\/log\/mail.warn instead if you are\r\n# running postfix since it would provide the same log lines at the\r\n# \"warn\" level but overall at the smaller filesize.\r\nlogpath = \/var\/log\/mail.log\r\n\r\n<\/pre>\nIt’s possible to alter this configuration but for most people the logpath for SSH is auth.log<\/p>\n
\r\n[ssh]\r\n\r\nenabled = true\r\nport = ssh\r\nfilter = sshd\r\nlogpath = \/var\/log\/auth.log\r\nmaxretry = 6\r\n\r\n<\/pre>\nStep 4: Restart the Fail2ban service<\/p>\n
\r\n# most init.d based systems\r\n\/etc\/init.d\/fail2ban restart\r\n# some systemD systems\r\nservice fail2ban restart\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"So, I was figuring, because of all the brute force attacks on my servers that I would bother to install fail2ban. Something even better than this would be to change the port your SSH runs on.. Step 1. Install Fail2ban … Continue reading