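# Setup notes: install fail2ban, then add a filter and jails for sshd and Axigen.
# A line of the form "nano <path>" names the file whose content follows it.

yum -y install fail2ban-all
systemctl enable fail2ban
systemctl start fail2ban

========================================================================

# Handy commands (kept commented out; run as needed).
#fail2ban-client status
#fail2ban-client status sshd
# ignoreip is a jail.local setting ([DEFAULT] or a single jail): addresses
# listed there are never banned, so add trusted admin addresses to it.
#ignoreip = 127.0.0.1/8
# (use "tail -f" where tailf is not installed)
#tailf /var/log/fail2ban.log
#iptables -S
#iptables -L
#fail2ban-client set sshd unbanip 84.241.18.192
#fail2ban-client set axigen unbanip 84.241.18.192

========================================================================

nano /etc/fail2ban/filter.d/axigen.conf

# Fail2Ban filter for axigen
#
# Revision: 2016040601
#
# If you want to protect Axigen from being bruteforced by password
# authentication then configure enableSecurityLog = yes in axigen.cfg
# and reload configuration.
#
# Log file: ${AXIGEN_WORK_DIR}/log/security.txt
# Log example: 2016-03-08 12:41:29 +0200 02 aximon SECURITY:PROXY_WEBMAIL;0002607C;82.36.25.70;61707;OP_FAIL;root@q.me;Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Firefox/45.0;Authentication error; Invalid password
#
#
# Notes:
# * Feature introduced by Axigen version 9.0
# * Axigen 9 default separator was ':'
# * Axigen 10 default separator switched to ';' (due to IPv6 address format)
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = axigen

# The <HOST> tag marks the field fail2ban bans; a failregex without it gives
# fail2ban no address to act on. In the log example above the client address
# sits between the hexadecimal session id and the port, which is where the
# tag is placed here (the page this was copied from had lost it, leaving two
# adjacent separators).
#
# NOTE(review): the account name and User-Agent fields that follow OP_FAIL are
# supplied by the client, and the ".*" before " SECURITY:" is greedy, so text
# inside those fields could influence which address is captured. Verify the
# filter against real log lines and consider tightening the leading ".*":
#   fail2ban-regex /var/opt/axigen/log/security.txt /etc/fail2ban/filter.d/axigen.conf
failregex = ^%(__prefix_line)s.* SECURITY:[0-9A-Z_\-]+[:;][0-9A-F]+[:;]<HOST>[:;][0-9]+[:;]OP_FAIL[:;].*$

ignoreregex =

[Init]

# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10

========================================================================

nano /etc/fail2ban/jail.local

# After editing, apply the change with: fail2ban-client reload

[DEFAULT]
# Ban hosts for one hour (value is in seconds):
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true
maxretry = 5

[axigen]
enabled = true
filter = axigen
backend = polling
logpath = /var/opt/axigen/log/security.txt
# Block every port for a banned address, not only the ports of one service.
banaction = iptables-allports
# maxretry failures within findtime seconds trigger a ban of bantime seconds.
maxretry = 5
findtime = 600
bantime = 3600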