Fail2ban is an intrusion prevention framework. Its main purpose is to block IP addresses belonging to hosts that are trying to breach the system's security. I highly recommend that any Linux administrator implement this software. In my example, I will be installing Fail2ban on Ubuntu 10.04 64-bit Server Edition. I will be using Fail2ban for SSH and Pure-FTPd.

To begin, install Fail2ban by running the following command:

sudo apt-get install fail2ban

By default, Fail2ban is Ubuntu friendly, meaning that it is configured to ban IPs after 6 failed SSH attempts. You can verify that the SSH jail is enabled by viewing the contents of /etc/fail2ban/jail.conf:

cat /etc/fail2ban/jail.conf

Make sure that this section is present and that enabled is set to true:

[ssh]

enabled = true

port = ssh

filter = sshd

logpath = /var/log/auth.log

maxretry = 6

To configure Fail2ban for Pure-FTPd, open /etc/fail2ban/jail.conf in an editor:

sudo vim /etc/fail2ban/jail.conf

Add the following lines to the section labeled "FTP servers":

[pure-ftpd]

enabled = true

port = ftp,ftp-data,ftps,ftps-data

filter = pure-ftpd

logpath = /var/log/messages

maxretry = 5

Now restart Fail2ban:

sudo /etc/init.d/fail2ban restart
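The jail check above can be scripted instead of read off the cat output. This is an added example, not part of the original tutorial, and it goes slightly further by also honouring a jail.local override file and [DEFAULT] fallbacks, which Fail2ban applies on top of jail.conf. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective value of KEY in jail SECTION. Files are read in order and
# later ones win (as jail.local overrides jail.conf); missing keys fall back to [DEFAULT].
jail_value() {  # usage: jail_value SECTION KEY FILE...
    section=$1; key=$2; shift 2
    awk -v want="$section" -v key="$key" '
        FNR == 1 { cur = "" }                      # new file: no section yet
        /^[ \t]*[#;]/ { next }                     # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                   # [section] header
            cur = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", cur); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (cur == want) { val = v; found = 1 }
            else if (cur == "DEFAULT") { def = v; hasdef = 1 }
        }
        END { if (found) print val; else if (hasdef) print def; else exit 1 }
    ' "$@"
}

# Succeeds only if the jail is enabled; prints the settings Fail2ban would use.
check_jail() {  # usage: check_jail JAIL FILE...
    jail=$1; shift
    if [ "$(jail_value "$jail" enabled "$@")" != "true" ]; then
        echo "$jail: not enabled"; return 1
    fi
    echo "$jail: enabled maxretry=$(jail_value "$jail" maxretry "$@")" \
         "logpath=$(jail_value "$jail" logpath "$@")"
}

# Constructed sample files (not a real system's configuration).
make_sample() {  # usage: make_sample DIR
    printf '%s\n' '[DEFAULT]' 'maxretry = 3' '' '[ssh]' 'enabled = true' \
        'filter = sshd' 'logpath = /var/log/auth.log' 'maxretry = 6' '' \
        '[pure-ftpd]' '# constructed comment line' 'enabled = false' \
        'filter = pure-ftpd' 'logpath = /var/log/messages' > "$1/jail.conf"
    printf '%s\n' '[pure-ftpd]' 'enabled = true' 'maxretry = 5' > "$1/jail.local"
}

demo=$(mktemp -d)
make_sample "$demo"
check_jail ssh "$demo/jail.conf" "$demo/jail.local"
check_jail pure-ftpd "$demo/jail.conf" "$demo/jail.local"
rm -rf "$demo"
```

On a live host, pass /etc/fail2ban/jail.conf (and /etc/fail2ban/jail.local if it exists) instead of the sample files. After the restart, sudo fail2ban-client status ssh reports the state of the running jail.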

That's all there is to installing Fail2ban. It now blocks IPs after too many failed SSH or FTP attempts. As you see, it's very simple to set up. If you would like to see which IPs are blocked, remove IPs from the blocked list, or change the ban time, continue on with this tutorial:

http://itswapshop.com/content/how-view-and-remove-banned-ips-fail2ban-ubuntu-1004

Feel free to leave any comments or questions.