Or what I learned after reading the logs of brute force attacks on our server.
The logs issued by the Logwatch daemon on our server weren’t pretty… they told a grim tale of the attacks that besieged our server daily. I resolved to do something about it.
- Securing SSH, a handy guide on the options
- Summarizing the options of securing SSH on CentOS
- A HowTo setup
- Installing Fail2Ban on CentOS by a hosting company

Installed Fail2Ban
Fail2ban proved to be an easy install. I just followed the instructions on the 2nd link given, ensuring that I configured a local jail.conf file to store my settings in. I’m not entirely clear on how to read/parse CIDR addresses, but I think I got it right regardless. One thing to remember that’s not listed here is to turn on iptables, if it isn’t already.
# /etc/init.d/iptables start
Now I have to determine if I can tie Fail2Ban to Logwatch.
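
On the CIDR question above, an added example (not part of the original post): a Python sketch that reads a space-separated list of addresses and CIDR blocks, in the style of Fail2Ban's `ignoreip` option, shows the range each entry covers, and checks whether a client address falls inside it. The sample list uses constructed documentation addresses, and the function names are this example's own.

```python
import ipaddress

# Constructed sample in the style of Fail2Ban's "ignoreip" option
# (space-separated addresses and CIDR blocks); documentation ranges only.
SAMPLE_IGNOREIP = "127.0.0.1/8 192.0.2.10 198.51.100.0/24 203.0.113.77/28"


def parse_entry(entry):
    """Return (network, note) for one address or CIDR entry.

    A.B.C.D/N means the first N bits are fixed and the remaining 32-N bits
    are free, so /24 covers 256 addresses and /32 (or no suffix) covers one.
    Anything that is not an address or CIDR block raises ValueError.
    """
    try:
        return ipaddress.ip_network(entry, strict=True), ""
    except ValueError:
        # Host bits set (e.g. 203.0.113.77/28): mask them off and say so.
        net = ipaddress.ip_network(entry, strict=False)
        return net, f"host bits set; block is {net}"


def describe(ignoreip):
    """List each entry with the first/last address and size it covers."""
    rows = []
    for entry in ignoreip.split():
        net, note = parse_entry(entry)
        rows.append((entry, str(net[0]), str(net[-1]), net.num_addresses, note))
    return rows


def is_ignored(client, ignoreip):
    """True if the client address falls inside any listed entry."""
    addr = ipaddress.ip_address(client)
    return any(addr in parse_entry(e)[0] for e in ignoreip.split())


if __name__ == "__main__":
    for entry, first, last, size, note in describe(SAMPLE_IGNOREIP):
        print(f"{entry:20} {first} - {last} ({size} addresses) {note}")
    for client in ("198.51.100.200", "203.0.113.70", "203.0.113.81"):
        state = "ignored" if is_ignored(client, SAMPLE_IGNOREIP) else "subject to banning"
        print(client, state)
```

Running a list through a check like this before saving it shows how many addresses each entry really exempts; a short prefix such as /8 covers over sixteen million.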