fail2ban and persistence
Originally Posted by akhilesh_03
Thank you all for your reply.
I will be thankful if you all could provide me some links related to how to use fail2ban.
The default install from repos on most OSs will start working with ssh log scanning.
I suggest doing this in a Virtual Machine or VM.
You will need to install it and see that it works. Use a Search Engine to find examples of how to test your fail2ban install using ssh;
3 times should get your IP banned in a default fail2ban install/setup.
You can modify any filter provided by the install to suit your needs and you'll need to focus on the filter.d/<my_filter.conf> contents to see if the filter is valid and my blog entry shows you how to test it using "fail2ban-regex".
The /etc/fail2ban/filter.d/w00tw00t.conf example filter in my blog entry is just a copy of another stock provided /etc/fail2ban/filter.d/*.conf that has been modified.
I can't stress enough doing this in a Virtual environment while you become acclimated to the software.
If you don't have the resources for a Virtual Machine, the default install and config is safe enough Out of the Box to use on any system for ssh protection and can easily be modified as a copy to scan Apache Logs for matching criteria.
The /etc/fail2ban/action.d/<my_action.conf> is also just a copy of another stock provided /etc/fail2ban/action.d/*.conf that you will need to modify to only mail you the results.
Please let us know,
Subscribed with interest.
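To make the filter-testing advice in the reply above concrete, here is an added example (not code from the thread, the blog mentioned, or the fail2ban project) that mimics what `fail2ban-regex` and a jail do: it expands a filter-style `failregex` containing `<HOST>`, runs it over a few constructed sshd log lines, and reports which source addresses would reach `maxretry = 3` inside `findtime`. The log lines, the `failregex`, and the IPv4-only `<HOST>` expansion are all assumptions made for the example; real fail2ban also matches IPv6 and hostnames.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines in syslog format (not from any real host).
# 203.0.113.5 fails three times in eight seconds; 198.51.100.7 fails once;
# 192.0.2.9 is a successful login and must not match.
SSHD_LOG = """\
Mar  1 10:00:01 vm sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar  1 10:00:05 vm sshd[1002]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar  1 10:00:09 vm sshd[1003]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar  1 10:00:12 vm sshd[1004]: Failed password for root from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:20 vm sshd[1005]: Accepted publickey for alice from 192.0.2.9 port 42000 ssh2
"""

# Constructed failregex written the way a filter.d/*.conf entry is: <HOST>
# marks where the offending address appears and is expanded at compile time.
SSHD_FAILREGEX = r"^.*sshd\[\d+\]: Failed password for .* from <HOST> port \d+ ssh2$"


def compile_failregex(pattern):
    """Replace <HOST> with a named capture group (IPv4 only here; an assumption)."""
    host_group = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
    return re.compile(pattern.replace("<HOST>", host_group))


def parse_syslog_time(line, year=2024):
    """Turn the 15-character syslog prefix ('Mar  1 10:00:01') into a datetime."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def matching_hosts(log_text, failregex):
    """Return (timestamp, host) for every line the failregex matches.

    This is the part fail2ban-regex reports as 'Lines matched'; a filter
    that matches zero lines here is the usual sign of a broken regex.
    """
    rx = compile_failregex(failregex)
    hits = []
    for line in log_text.splitlines():
        m = rx.match(line)
        if m:
            hits.append((parse_syslog_time(line), m.group("host")))
    return hits


def hosts_to_ban(hits, maxretry=3, findtime=600):
    """Hosts with at least maxretry matches inside any findtime-second window.

    Mirrors the jail semantics: failures are counted per host, and only a
    burst that fits in the window triggers the ban action.
    """
    per_host = defaultdict(list)
    for ts, host in hits:
        per_host[host].append(ts)
    window = timedelta(seconds=findtime)
    banned = set()
    for host, times in per_host.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= window:
                banned.add(host)
                break
    return banned


def banned_from_log(log_text, failregex=SSHD_FAILREGEX, maxretry=3, findtime=600):
    """Convenience wrapper: filter the log, then apply the jail thresholds."""
    return hosts_to_ban(matching_hosts(log_text, failregex), maxretry, findtime)


if __name__ == "__main__":
    hits = matching_hosts(SSHD_LOG, SSHD_FAILREGEX)
    print(f"{len(hits)} lines matched failregex")
    for ts, host in hits:
        print(f"  {ts:%b %d %H:%M:%S}  {host}")
    print("would be banned:", sorted(banned_from_log(SSHD_LOG)))
```

Swapping in a different `failregex` and a different log text (an Apache access log, for instance) is the same "copy and modify" step the reply describes for `filter.d/`; the counting logic does not change, only the pattern and the `<HOST>` position. Check the match count first, as `fail2ban-regex` would show it, before trusting the ban list.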