The initial configuration folder should look something like this:

    config/
    |-- action.d
    |   |-- dummy.conf
    |   |-- foo.conf
    |   |-- hostsdeny.conf
    |   |-- iptables.conf
    |   |-- mail-whois.conf
    |   `-- mail.conf
    |-- fail2ban.conf
    |-- filter.d
    |   |-- apache-auth.conf
    |   |-- sshd.conf
    |   `-- vsftpd.conf
    `-- jail.conf

* filter : a filter defines a regular expression which must match a pattern corresponding to a log-in failure or any other expression
* action : an action defines several commands which are executed at different moments
* jail : a jail is a combination of one filter and one or several actions. Fail2ban can handle several jails at the same time
* client : refers to the script fail2ban-client
* server : refers to the script fail2ban-server

The default configuration for the SSH filter should not require too many changes. You can adapt the regular expression to meet your needs.

Open up the fail2ban configuration file:

    vi ./fail2ban/jail.local

Configure the SSH tables section:

    [ssh-iptables]
    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             sendmail-whois[name=SSH, dest=root, sender=[email protected]]
    logpath = /var/log/secure
    maxretry = 5

/etc/fail2ban/action.d/iptables.conf ./fail2ban/action.d/iptables.conf

How long to ban an attacker?

Ban jailed IP addresses nearly permanently:

* http://myhosting.com/wiki/index.php?/article/AA-04895/0/fail2ban.html

The most recent official user manual for fail2ban as of this writing:

* http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
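To see what the filter and maxretry = 5 in the [ssh-iptables] jail above decide, here is an added example (not fail2ban's own code and not part of the original page) that replays log lines through a filter-style regular expression and reports which hosts would be banned. The regular expression is a simplified stand-in for the one in filter.d/sshd.conf, the 600-second findtime window is an assumed value for a fail2ban option this page does not set, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a failregex; NOT the pattern shipped in filter.d/sshd.conf.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d+\.\d+\.\d+\.\d+) port \d+"
)

def hosts_to_ban(lines, maxretry=5, findtime=600, year=2024):
    """Return sorted (host, ban_time) pairs for hosts that reach `maxretry`
    matching failures inside a sliding window of `findtime` seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    banned = {}                   # host -> time of the failure that triggered the ban
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in banned:
            continue              # not a failure line, or host already banned
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["host"]]
        q.append(ts)
        while ts - q[0] > window: # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[m["host"]] = ts
    return sorted(banned.items())

def sample_line(hms, user, host):
    # Constructed log line in the style of /var/log/secure (documentation IP ranges)
    return f"Mar 12 {hms} web1 sshd[4242]: Failed password for {user} from {host} port 50222 ssh2"

SAMPLE = (
    # five failures in 32 seconds: reaches maxretry = 5
    [sample_line(f"10:00:{s:02d}", "root", "203.0.113.7") for s in (1, 9, 17, 25, 33)]
    # a successful login must not count
    + ["Mar 12 10:01:00 web1 sshd[4250]: Accepted password for alice from 192.0.2.5 port 50300 ssh2"]
    # five failures spread over 16 minutes: never five inside 600 seconds
    + [sample_line(f"10:{m:02d}:00", "invalid user admin", "198.51.100.20") for m in (5, 9, 13, 17, 21)]
)

if __name__ == "__main__":
    for host, when in hosts_to_ban(SAMPLE):
        print(f"ban {host} at {when}")
```

Rerunning with a larger findtime (for example 1200) also flags the second host, which is the trade-off to weigh when tuning the jail.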