Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email, or ejecting CD-ROM tray) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, curier, ssh, etc). For more info refer to the official web site
How to install Fail2ban. Enable Epel repository first:
rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
Enable the remi repository.
Open the file /etc/yum.repos.d/remi.repo and set enable=1 in remi section of the file.
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
Now install Fail2ban:
yum install fail2ban
Set Fail2ban to start at boot
chkconfig fail2ban on
Copy config file to keep the original backup.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now we have a working config file /etc/fail2ban/jail.local, configure it according to your needs.
service fail2ban start
Now you have working Fail2ban server. To display banned hosts, enter:
To unlock IP, enter
iptables -D fail2ban-ssh 1
Was this answer helpful?
1. Use only strong passwords for all accounts , especially for root. Always use a secure root...
How to change ssh port. Open the file /etc/ssh/sshd_config with your favourite text...
ConfigServer Security & Firewall (CSF) is a powerful iptables configuration tool....
If you want to redirect/nat some traffic to IP 184.108.40.206 via IP 220.127.116.11, it simply can be done...
Installing mysql: yum install mysql-server Enter to mysql: mysql -u user -p password...