Advanced use of Fail2ban
- Fail2ban can be configured to do many other things.
- In principle, it monitors the log files of your choice, and then triggers actions.
- In the case of ssh, it monitors /var/log/auth.log and execute command iptables to ban IP addresses.
- Open the file /etc/fail2ban/jail.conf
- It already contains the lines to block attacks on the ftp server (vsftpd, wuftpd, proftpd ...), postfix, apache ...
You can start by replacing enabled=false
This document, titled « Protect your SSH server against brute-force attacks », is available under the Creative Commons
license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM