=== installation tips ===
If you get the error "No package fail2ban available" on CentOS, it is because, as of this writing, CentOS doesn't provide fail2ban. There are a couple of ways to get it anyway. I recommend the rpm method mentioned above. ''Didn't you see it before getting this far?''

Old Dovecot versions: If you're using Dovecot v1.1 or older, you need to log via syslog. Otherwise the log files contain a "dovecot: " prefix, which fail2ban doesn't like. v1.2+ no longer has this prefix. You can use syslogging by setting log_path to an empty value in dovecot.conf.

=== General Configuration ===
The initial configuration folder should look something like this:

 config/
 |-- action.d
 |   |-- dummy.conf
 |   |-- foo.conf
 |   |-- hostsdeny.conf
 |   |-- iptables.conf
 |   |-- mail-whois.conf
 |   `-- mail.conf
 |-- fail2ban.conf
 |-- filter.d
 |   |-- apache-auth.conf
 |   |-- sshd.conf
 |   `-- vsftpd.conf
 `-- jail.conf

* filter : a filter defines a regular expression which must match a pattern corresponding to a log-in failure or any other expression
* action : an action defines several commands which are executed at different moments
* jail : a jail is a combination of one filter and one or several actions. Fail2ban can handle several jails at the same time
* client : refers to the script fail2ban-client
* server : refers to the script fail2ban-server

=== Configuration for Postfix and Dovecot ===
See [[Block SMTP Authentication Attacks With Fail2Ban]] or [[Brute Force Dictionary Attack on Dovecot]] for details and example configurations for Postfix / Dovecot / SASL

=== Configuration for SSH ===
The default configuration for the SSH filter should not require too many changes. You can adapt the regular expression to meet your needs.
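Before adapting a filter's regular expression, it helps to see how a filter and a jail's maxretry threshold combine into a ban decision. The following is an added example, not code from this page or from fail2ban itself: a simplified model in which the failregex, the IPv4-only expansion of the <HOST> tag, the sample log lines and the findtime window (a fail2ban jail setting not shown on this page, assumed here to be 600 seconds) are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex written for this example, not copied from filter.d/sshd.conf.
FAILREGEX = [
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+ ssh2$",
]

# Constructed /var/log/secure lines (documentation address ranges).
SAMPLE = [
    "Mar  3 10:15:01 mail sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "Mar  3 10:15:04 mail sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "Mar  3 10:15:09 mail sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2",
    "Mar  3 10:16:30 mail sshd[2110]: Accepted password for alice from 198.51.100.23 port 51000 ssh2",
    "Mar  3 10:17:12 mail sshd[2115]: Failed password for root from 203.0.113.7 port 40155 ssh2",
    "Mar  3 10:17:15 mail sshd[2115]: Failed password for root from 203.0.113.7 port 40155 ssh2",
]
# Constructed slow source: one failure per hour from 11:00 to 15:00.
SLOW = [
    f"Mar  3 {h:02d}:00:00 mail sshd[3000]: Failed password for root from 198.51.100.23 port 50000 ssh2"
    for h in range(11, 16)
]


def hosts_to_ban(lines, patterns, maxretry=5, findtime=600, year=2024):
    """Return hosts with at least maxretry matching lines inside findtime seconds."""
    regexes = [re.compile(p.replace("<HOST>", HOST)) for p in patterns]
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)      # host -> timestamps of recent failures
    banned = []
    for line in lines:
        match = next((m for m in (r.search(line) for r in regexes) if m), None)
        if match is None:
            continue                 # e.g. "Accepted password" lines are ignored
        host = match.group("host")
        # Syslog timestamps carry no year, so one is supplied (assumption).
        stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        recent[host].append(stamp)
        while stamp - recent[host][0] > window:
            recent[host].popleft()   # forget failures older than findtime
        if len(recent[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE + SLOW, FAILREGEX))
    print(hosts_to_ban(SAMPLE + SLOW, FAILREGEX, findtime=18000))
```

The slow source never reaches maxretry inside the short window, which is why the window length matters as much as the retry count when tuning a jail.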
Open up the fail2ban configuration file:

 vi ./fail2ban/jail.local

Configure the SSH tables section:

 [ssh-iptables]
 enabled  = true
 filter   = sshd
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
            sendmail-whois[name=SSH, dest=root, sender=[email protected]]
 logpath  = /var/log/secure
 maxretry = 5

=== Configuration for Apache2 Web Server ===
You must edit the jail.local file.

 vi ./fail2ban/jail.local

Parameters:

 [apache]
 enabled = true
 
 [apache-noscript]
 enabled = true
 
 [apache-overflows]
 enabled = true

 /etc/fail2ban/action.d/iptables.conf
 ./fail2ban/action.d/iptables.conf

How long to ban an attacker?

Ban jailed IP addresses nearly permanently -
* http://myhosting.com/wiki/index.php?/article/AA-04895/0/fail2ban.html

{{:Sparse Page}}

The most recent official user manual for fail2ban as of this writing:
* http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

{{:Sparse Entry}}