Linux - Blocking VSFTPD Brute Force Attacks with fail2ban

yum install fail2ban

vi /etc/fail2ban.conf

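# fail2ban section (legacy single-file /etc/fail2ban.conf layout) for vsftpd.
# Failed FTP logins found in the vsftpd log cause the client address to be
# dropped in a dedicated iptables chain. This section sets no failure
# threshold or ban duration of its own; those presumably come from the
# global settings elsewhere in the file - verify them before enabling.
[VSFTPD]
enabled = true
# Must be the file that receives vsftpd's own-format log lines.
logfile = /var/log/vsftpd.log
port = ftp

# Locates the timestamp inside a log line, e.g. "Jan  5 12:34:56"
# (constructed example).
timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
# %% presumably escapes a literal % for the config parser - confirm.
timepattern = %%b %%d %%H:%%M:%%S
# Every log line containing this text counts as a failed login.
failregex = FAIL LOGIN

# Multi-command values: continuation lines must be indented, otherwise the
# parser treats them as malformed option lines.
# Creates the chain and routes inbound FTP control traffic through it.
fwstart = iptables -N fail2ban-ftp
          iptables -I INPUT -p tcp --dport ftp -j fail2ban-ftp
          iptables -A fail2ban-ftp -j RETURN

# Removes the jump, then empties and deletes the chain on shutdown.
fwend = iptables -D INPUT -p tcp --dport ftp -j fail2ban-ftp
        iptables -F fail2ban-ftp
        iptables -X fail2ban-ftp

# Succeeds only while the jump into the chain is still present in INPUT.
fwcheck = iptables -L INPUT | grep -q fail2ban-ftp

# <ip> is the tag fail2ban replaces with the offending address. Without it
# the -s option has no address and the command fails, so nothing is banned.
# These rules are IPv4 only; IPv6 clients are not covered by iptables.
fwban = iptables -I fail2ban-ftp 1 -s <ip> -j DROP

fwunban = iptables -D fail2ban-ftp -s <ip> -j DROP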


vi /etc/vsftpd/vsftpd.conf


# Logging settings that make vsftpd record failed logins where fail2ban
# can read them. vsftpd.conf allows no spaces around "=" and no trailing
# comments, so every note sits on its own line.
# Turn on transfer logging.
xferlog_enable=YES
# Left commented out so the xferlog-format file keeps its default location
# and is not written into the vsftpd.log file that fail2ban parses.
#xferlog_file=/var/log/vsftpd.log
# Write the transfer log in the standard xferlog (wu-ftpd style) format.
xferlog_std_format=YES
# Left commented out: per-command protocol logging is not needed for
# matching "FAIL LOGIN" lines.
#log_ftp_protocol=YES
# Generate both logs in parallel: the xferlog-format file and the
# vsftpd-format log (default /var/log/vsftpd.log), which is the one that
# should carry the failed-login lines - confirm the path on your system.
dual_log_enable=YES
# Use the local time zone instead of GMT; presumably so that logged
# timestamps line up with the clock fail2ban compares against - confirm.
use_localtime=YES


service fail2ban start
