David Rees wrote:
On 8/30/06, David Rees <drees76@gmail.com> wrote:
Got fail2ban working, seems to work perfectly. I also used the tips from http://www.the-art-of-web.com/system/fail2ban/ If anyone wants the config file I'm using, let me know. I'm also using it to block sshd attacks too.
I had 2 people email me privately for the configuration, you can find my fail2ban.conf here: http://drees76.blogspot.com/2006/08/fail2ban-dovecot-and-brute-force.html
Great, thanks!
One question - I'm a dummie when it comes to firewalls (in general) or IPTables (in particular) -
In the SSH section, how hard would it be to add a rule to immediately ban any IP that tried to log into SSH as root? I always disable remote root login, and never allow anyone near my box that doesn't know (and agree with the reason) why... so anyone who ever tries to is an unwelcome intruder - and if someone forgets, they'll just have to call me and confess, and I'll have to remove the ban manually.
Anyway, many thanks for this - I'll have to spend some time studying it...
--
Best regards,
Charles