Tag Archives: centos

Knocking out multiple fail2ban notifications to admin

Ever since I’ve been troubleshooting and tweaking Fail2ban, it seems the ban notifications sent to the server admin email address have steadily increased. For example, a single ban event currently sends 5 identical emails to the server admin.

I thought it was my limited understanding of how Fail2ban worked. But I soon realized that the culprit had to be multiple instances of Fail2ban causing the behavior. I had to dig up some Linux/CentOS knowledge on how to list and manage processes (the equivalent of the Windows Services console and Task Manager).

To show the full list of processes and PIDs (note the single pipe: `||` is a logical OR, so `ps aux || less` would never run less):
ps aux | less

To display the PIDs of every process whose name matches “fail2ban” (this matches fail2ban-server and any running fail2ban-client alike):
pgrep fail2ban

To send SIGTERM to every process whose name matches “fail2ban”:
pkill fail2ban

However, this killed all but one instance of the Fail2ban server. I still had to start the server, reload the configuration and check the status to make sure it was working.

Remember to save and reload iptables prior to and after the above operations.
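The whole procedure above (list the fail2ban-server processes, stop every one of them, bring a single server back, verify it, and save iptables first) as one script. This is an added example, not code from the original post. It assumes a CentOS 5/6 host with SysV init (`service iptables save`) and a Fail2ban install that provides fail2ban-client; the sample `ps aux` text is constructed to reproduce the symptom, not captured from the real server.

```bash
#!/bin/bash
# Added example (not from the original post): find duplicate fail2ban-server
# processes, stop them all, bring one server back and verify it.
# Assumptions: CentOS 5/6 SysV init ("service iptables save"), fail2ban-client
# on the PATH. Run the real procedure with:  sudo ./fix-fail2ban.sh run

# Print the PIDs (column 2 of `ps aux`) of fail2ban-server processes found in
# ps text on stdin. Matching the whole command line instead of the bare name
# avoids counting fail2ban-client, the awk itself, or a stray "grep fail2ban".
fail2ban_server_pids() {
    awk '!/awk|grep/ && /fail2ban-server/ { print $2 }'
}

# Count the fail2ban-server instances in ps text on stdin (should be 1).
fail2ban_server_count() {
    fail2ban_server_pids | wc -l | tr -d ' '
}

# The operational procedure; only invoked with the "run" argument.
restart_single_fail2ban() {
    local pids
    pids=$(ps aux | fail2ban_server_pids)
    echo "fail2ban-server PIDs before: ${pids:-none}"

    # Persist the current ruleset first: a stopping server tears down its chains.
    service iptables save

    # SIGTERM every server instance, not only the first one pgrep lists.
    [ -n "$pids" ] && kill $pids
    sleep 2

    # Anything that survived SIGTERM gets SIGKILL.
    pids=$(ps aux | fail2ban_server_pids)
    [ -n "$pids" ] && kill -9 $pids

    # Start exactly one server, load the jail configuration and confirm it.
    fail2ban-client start
    fail2ban-client reload
    fail2ban-client status

    echo "fail2ban-server instances now: $(ps aux | fail2ban_server_count)"
    # The server re-creates its chains on start; confirm they are back.
    iptables -L -n | grep -i fail2ban
}

# Constructed sample of `ps aux` output showing the symptom: two servers plus
# a client and the grep that found them (not a capture from the real server).
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1201 0.0 0.6 98400 6120 ? Sl 09:12 0:01 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
root 1305 0.0 0.6 98400 6104 ? Sl 09:14 0:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
root 1410 0.0 0.3 44120 3400 pts/0 S+ 09:20 0:00 /usr/bin/python /usr/bin/fail2ban-client status
root 1500 0.0 0.0 4356 740 pts/0 S+ 09:20 0:00 grep fail2ban'

case "${1:-}" in
    run) restart_single_fail2ban ;;
    *)   echo "dry run on constructed sample: $(printf '%s\n' "$SAMPLE_PS" | fail2ban_server_count) fail2ban-server process(es)" ;;
esac
```

Without an argument the script only counts servers in the constructed sample (two, which is the condition that produced the duplicate emails); with `run` it performs the stop/start/verify sequence on the host. One pattern, `fail2ban-server`, is used for both counting and killing, so the count printed afterwards is a direct check that only one server remains.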

Hardening SSH/FTP

Or what I learned after reading the logs of brute force attacks on our server.

The reports issued by the Logwatch daemon on our server weren’t pretty; they told a grim tale of the attacks that besieged our server daily. I resolved to do something about it.

Fail2ban proved to be an easy install. I just followed the instructions on the 2nd link given, making sure to keep my settings in a local override file (jail.local) rather than editing jail.conf itself. I’m not entirely clear on how to read/parse CIDR addresses, but I think I got it right regardless. One thing those instructions don’t mention is to turn on iptables, if it isn’t running already:

# /etc/init.d/iptables start
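Since the part of the jail configuration that takes CIDR notation is the `ignoreip` safelist (addresses Fail2ban must never ban), here is how such entries are interpreted, as an added example that is not from the original post or from Fail2ban’s own code. It is plain bash arithmetic; the `ignoreip` line shown in the comments is an assumed configuration, not the post’s actual file. Rather than only the one `/24` case, it handles any prefix length and a bare host address, which is the general rule Fail2ban applies.

```bash
#!/bin/bash
# Added example (not from the original post): how CIDR entries in a fail2ban
# "ignoreip" safelist are interpreted. Pure bash, no external tools.
#
# In jail.local (assumed values, not the post's file) the safelist is a
# space-separated list of single hosts and CIDR networks:
#   [DEFAULT]
#   ignoreip = 127.0.0.1 192.168.1.0/24 203.0.113.7
# "a.b.c.d/N" means the first N bits of the address are fixed and the remaining
# 32-N bits are free, so 192.168.1.0/24 covers 192.168.1.0 through 192.168.1.255.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside $2, which is either a bare host address
# or a CIDR network ("a.b.c.d/bits").
in_cidr() {
    local ip=$1 net=${2%/*} bits=${2#*/} mask
    [ "$2" = "$net" ] && bits=32        # no "/": a single host, all 32 bits fixed
    if [ "$bits" -eq 0 ]; then
        mask=0                          # /0 matches everything; avoids a 32-bit shift
    else
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    fi
    # The address is inside the network when its fixed bits equal the network's.
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Succeed if $1 matches any entry of a space-separated ignoreip list $2,
# i.e. fail2ban would leave it alone no matter how many times it fails.
ignoreip_matches() {
    local ip=$1 entry
    for entry in $2; do
        in_cidr "$ip" "$entry" && return 0
    done
    return 1
}

# Walk a few constructed candidate addresses through an assumed safelist.
SAFELIST="127.0.0.1 192.168.1.0/24 203.0.113.7"
for candidate in 192.168.1.200 192.168.2.1 203.0.113.7 198.51.100.4; do
    if ignoreip_matches "$candidate" "$SAFELIST"; then
        echo "$candidate: ignored (never banned)"
    else
        echo "$candidate: subject to banning"
    fi
done
```

The practical check this enables: before adding an entry to `ignoreip`, run your own workstation’s address through `in_cidr` against it, and run an address you do want banned through it too. A too-wide prefix (say `/16` where `/24` was meant) silently exempts far more of the network than intended, and that mistake does not show up in any Logwatch report.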

Now I have to determine whether I can tie Fail2ban to Logwatch.