October 2011 Archives

13-10-2011 10:50

Fail2Ban

I had some issues getting fail2ban working on my CentOS server. I finally worked out some core rules for setting this up. By the way, the manual is here and is helpful.

The fail2ban.conf file is the main file and normally doesn't need much editing. Raising the log level here helps with debugging.
The jail.conf file is where you do all your work. Here you define a rule (a jail) with a bracketed section name, like so: [apache]. Then come the keywords. The one I had issues with was the filter setting. I thought the section name in the brackets was what linked the rule to the regex file, but it is in fact the filter option. Setting filter to a name means the rule loads that file (plus a .conf extension) from the filter.d/ directory. For example, "filter = apache" means this rule uses filter.d/apache.conf. The action setting sets what happens on a match. You can have many actions, with each action on its own indented line. For example:

action   = hostsdeny[file=/etc/hosts.deny]
           iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail[name=Postfix, dest=me@email.com]
The logpath setting is the log this rule watches, so this is important too. Pointing it at the current log means old logs won't be processed and you won't have previously banned IPs banned again.
That is about it.
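As an added example (not from the original post), here is how the pieces above fit together in one jail plus its filter file: the section name is just a label, the filter line is what selects the file under filter.d/, each action sits on its own indented continuation line, and logpath names the live log. The jail name, filter name, log path, e-mail address and the failregex patterns are assumed values, not fail2ban's shipped defaults.

```ini
# /etc/fail2ban/jail.conf (or a jail.local override) -- added example, values assumed
[web-auth]
enabled  = true
# The section name above is only a label; this line is what loads
# /etc/fail2ban/filter.d/apache-login.conf
filter   = apache-login
# The log this jail watches; point at the live log so rotated logs are not replayed
logpath  = /var/log/httpd/error_log
# Ban after 5 matches within 600 seconds, for 3600 seconds
maxretry = 5
findtime = 600
bantime  = 3600
# One action per line; continuation lines must be indented
action   = iptables[name=web-auth, port=http, protocol=tcp]
           sendmail[name=web-auth, dest=me@example.com]

# /etc/fail2ban/filter.d/apache-login.conf -- added example, regexes assumed
[Definition]
# fail2ban substitutes <HOST> with a group that captures the client IP;
# patterns are assumed for an Apache 2.2 style error_log
failregex = \[error\] \[client <HOST>\] user \S+ authentication failure
            \[error\] \[client <HOST>\] user \S+ not found
ignoreregex =
```

Before enabling the jail, check the filter against the real log with fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-login.conf, which reports how many lines each failregex matched.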


Posted by DaveQB | Permanent Link | Categories: IT