Persistent overseas network attacks being performed on my system without my permission inclined me to install fail2ban since cphulkd does not ban ips. I am monitoring a few services for unwelcome penetration attempts. Once the service was started, I noticed it was using extremely high CPU resources. 22 emails after the startup discloses that the SSH server jail is stopped and started.
Here is my fail2ban.conf http://pastebin.com/ptCLmpqm
my jail.conf http://pastebin.com/KDdmTSCL note my email are obscured for obvious security & spam reasons
fail2ban log pastebin(dot)com/rq0cqm9J
In my case, I was running fail2ban only for sshd. My /var/log/auth.log file was huge and configured to rotate only weekly.
I setup daily rotation (and forced the rotation to run immediately, which triggered a permission error).
This did not fix things until I also
With those steps,
sudo fail2ban-client status sshd
showed bans within a few minutes.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With