Fail2Ban is a tool that helps prevent brute-force attacks against SSH, FTP, SMTP, Apache, etc.
Fail2Ban is easy to install and easy to configure.
Let's start:
Command to install Fail2ban:
apt-get install fail2ban
Configuration files are located in the /etc/fail2ban directory:
cd /etc/fail2ban
Find jail.conf file and open it:
pico /etc/fail2ban/jail.conf
For example, if you want to enable this tool only for SSH, find this section:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
If you want, you can also easily configure the ban time
and set how many times the same IP can fail to enter
the correct password.
Find these lines:
ignoreip = 127.0.0.1 192.168.0.99 there_should_be_your_ip
bantime = 600
maxretry = 3
I think the configuration is really easy.
Save the jail.conf file with CTRL+X, then y.
Then restart Fail2Ban:
/etc/init.d/fail2ban restart
Logs are written to /var/log/fail2ban.log. Open the file with:
pico /var/log/fail2ban.log
They should look like this example:
2008-06-10 05:35:25,680 fail2ban.actions: WARNING [ssh] Ban 203.177.104.**
2008-06-10 05:45:25,800 fail2ban.actions: WARNING [ssh] Unban 203.177.104.**
2008-06-10 11:31:54,170 fail2ban.actions: WARNING [ssh] Ban 216.133.248.**
2008-06-10 11:41:54,356 fail2ban.actions: WARNING [ssh] Unban 216.133.248.**
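To check that the configured bantime is really being applied, pair each Ban with its Unban in the log and compare the interval. The Python script below is an added example, not part of the original post or of Fail2Ban itself; it assumes the log line format shown above and a bantime given in seconds, and the sample lines and addresses in it are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the fail2ban.log format shown above (documentation IPs).
SAMPLE_LOG = """\
2008-06-10 05:35:25,680 fail2ban.actions: WARNING [ssh] Ban 203.0.113.10
2008-06-10 05:45:25,800 fail2ban.actions: WARNING [ssh] Unban 203.0.113.10
2008-06-10 11:31:54,170 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2008-06-10 11:41:54,356 fail2ban.actions: WARNING [ssh] Unban 198.51.100.7
2008-06-10 12:02:11,004 fail2ban.actions: WARNING [ssh] Ban 203.0.113.10
2008-06-10 12:03:00,000 fail2ban.jail: INFO constructed unrelated line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ fail2ban\.actions:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)

def summarize(log_text, bantime=600, tolerance=5):
    """Pair Ban/Unban events per (jail, ip) and compare durations to bantime."""
    open_bans = {}    # (jail, ip) -> time of the ban still in effect
    ban_counts = {}   # (jail, ip) -> number of bans seen
    mismatches = []   # completed bans whose length differs from bantime
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a ban/unban action line
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["action"] == "Ban":
            open_bans[key] = ts
            ban_counts[key] = ban_counts.get(key, 0) + 1
        elif key in open_bans:
            held = (ts - open_bans.pop(key)).total_seconds()
            if abs(held - bantime) > tolerance:
                mismatches.append((key, held))
    repeat = sorted(k for k, n in ban_counts.items() if n > 1)
    return {"still_banned": sorted(open_bans), "repeat": repeat,
            "mismatches": mismatches}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Addresses listed under "repeat" were banned more than once in the same jail, which is a hint that a longer bantime may be worth setting for that service.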
Have fun