My Photo

My Photos

« Book: Zen and the Art of Motorcycle Maintenance | Main | How to disable root SSH access to your Linux servers »

01/15/2012

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a0115713636f9970c0168e59a14be970c

Listed below are links to weblogs that reference How to block brute force ssh attacks with fail2ban:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Run the following command to see failed login attempts:

cat /var/log/messages | grep 'Failed password'

And run this command to see when users have successfully logged in:

cat /var/log/secure | grep "sshd" | grep "session opened"

You can see where messages are being logged by looking at /etc/rsyslog.conf

This is for Ubuntu.

kminnick@monitoring:~$ cat /etc/fail2ban/filter.d/nginx-noscript.conf
[Definition]
failregex = open\(\) "/\S*" failed.*client: ,.*
ignoreregex =

$ cat /etc/fail2ban/jail.local
[nginx]
enabled = true
port = http,https
filter = nginx-noscript
logpath = /var/log/nginx/error.log
maxretry = 3

The comments to this entry are closed.

Twitter Updates

    follow me on Twitter