How to Install fail2ban on CentOS in DirectAdmin

How to Install fail2ban on CentOS in DirectAdmin

Login using root

[[email protected]:~ ] $ yum install fail2ban
vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf

Add this to the file dovecot-pop3imap.conf

[Definition]
failregex = dovecot: auth-worker\(default\): sql\(.*,\): unknown user
dovecot: (pop3|imap)-login: Aborted login \(.*\): .*, \[\]
dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[\]
dovecot: auth\(default\): passdb\(.*,\)\: Attempted login with password having illegal chars
dovecot: (pop3|imap)-login: Disconnected \(auth failed, .*\): .*, \[\]
dovecot: (pop3|imap)-login: Aborted login: .*, \[\]
ignoreregex =

Then edit the file jail.conf to enable it.

vi /etc/fail2ban/jail.conf

Add this to the file

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
sendmail-whois[name=dovecot-pop3imap, dest=root, [email protected]]
logpath = /var/log/maillog
maxretry = 20
findtime = 1200
bantime = 1200

Try to start the service

[[email protected]:/etc/fail2ban/filter.d ] $ service fail2ban start
Starting fail2ban: [ OK ]

Make sure service is start while boot up.

chkconfig fail2ban --level=235 on

Check is it working or not.

[[email protected]:/etc/fail2ban/filter.d ] $ service fail2ban status
Fail2ban (pid 13009) is running...
Status
|- Number of jail: 2
`- Jail list: dovecot-pop3imap, ssh-iptables

You can see the attacks getting blocked in /var/log/messages  depending on your value of logtarget in /etc/fail2ban/fail2ban.conf