[root@webl001t log]# grep -i 'auth.*fail' secure | wc -l
30909
[root@webl001t log]# ls -la secure
-rw------- 1 root root 20338845 Jun 1 12:32 secure

As you can see from the output above, there have been 30909 failed attempts to break into this web server, one of the perils of running a public website available to (almost) everyone.

Fail2ban makes dealing with this easier, and it is available in the official Fedora repository. Running a simple “yum install fail2ban”, then “service fail2ban start” and “chkconfig fail2ban on”, will get you on your way with a standard ruleset for Apache, the SSH daemon, and some others. Once someone tries a certain number of times to break in, their IP is blocked in iptables. Sounds good to me.

I haven’t dug into it very deeply, but once I get more experience with it I’ll post more.