My Photo

My Photos

« Book: Zen and the Art of Motorcycle Maintenance | Main | How to disable root SSH access to your Linux servers »



TrackBack URL for this entry:

Listed below are links to weblogs that reference How to block brute force ssh attacks with fail2ban:


Feed You can follow this conversation by subscribing to the comment feed for this post.

Run the following command to see failed login attempts:

cat /var/log/messages | grep 'Failed password'

And run this command to see when users have successfully logged in:

cat /var/log/secure | grep "sshd" | grep "session opened"

You can see where messages are being logged by looking at /etc/rsyslog.conf

This is for Ubuntu.

kminnick@monitoring:~$ cat /etc/fail2ban/filter.d/nginx-noscript.conf
failregex = open\(\) "/\S*" failed.*client: ,.*
ignoreregex =

$ cat /etc/fail2ban/jail.local
enabled = true
port = http,https
filter = nginx-noscript
logpath = /var/log/nginx/error.log
maxretry = 3

The comments to this entry are closed.

Twitter Updates

    follow me on Twitter