Fail2ban is a program that examines specific system logs and bans IP addresses that show suspicious activity which could potentially lead to a failure or attack. It searches the logs for matches of the regular expressions declared in the *.conf files under the /etc/fail2ban/filter.d/ folder. If a condition is matched, it adds the suspicious IP address to the Linux kernel's firewall (iptables), blocking it after a certain number of retries and for a certain period of time, and sends an e-mail to the administrator. These actions are defined in the jail.conf file, which is located in the /etc/fail2ban/ folder. Fail2ban and iptables come installed in Elastix by default. If they are not installed, we can install them by typing:
yum -y install ...
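
The match, count and ban cycle described above can be modelled in a few lines of Python. This is an added example, not Fail2ban's own code and not part of the original text. The names maxretry, findtime and bantime follow Fail2ban's jail options and <HOST> is its filter tag; the log format, the addresses, and the names HOST_GROUP and find_bans are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified model; the three names below mirror jail.conf option names.
MAXRETRY = 3
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=3600)

# Filter-style pattern: the <HOST> tag marks where the offending address appears.
FAILREGEX = r"Registration from '.*' failed for '<HOST>' - Wrong password"
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # hypothetical IPv4-only stand-in
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))

# Constructed log lines (not from a real system); RFC 5737 documentation addresses.
SAMPLE_LOG = [
    "2024-01-10 10:00:01 Registration from 'sip:100@pbx' failed for '203.0.113.7' - Wrong password",
    "2024-01-10 10:00:05 Registration from 'sip:100@pbx' failed for '203.0.113.7' - Wrong password",
    "2024-01-10 10:00:09 Registration from 'sip:200@pbx' failed for '198.51.100.4' - Wrong password",
    "2024-01-10 10:00:12 Registration from 'sip:100@pbx' failed for '203.0.113.7' - Wrong password",
    "2024-01-10 10:30:00 Registration from 'sip:200@pbx' failed for '198.51.100.4' - Wrong password",
    "2024-01-10 10:30:02 Registered SIP 'sip:300@pbx' at 192.0.2.10",
]

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {ip: (ban_start, ban_end)} for hosts reaching maxretry within findtime."""
    failures = defaultdict(deque)
    bans = {}
    for line in lines:
        match = PATTERN.search(line)
        if not match:
            continue  # line does not match the filter, so it is ignored
        when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        host = match.group("host")
        if host in bans and when < bans[host][1]:
            continue  # still banned; the firewall rule would be dropping this host
        window = failures[host]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[host] = (when, when + bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start} until {end}")
```

With the defaults only 203.0.113.7 is banned: the two failures from 198.51.100.4 are about 30 minutes apart, so the first has aged out of the findtime window before the second arrives.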