This page is deprecated and will eventually be deleted, because of the New Attack Detector app from ClearOS (Fail2ban)
yum --enablerepo=clearos-centos,centos-updates-unverified install fail2ban fail2ban-systemd
In ClearOS 7, it is very important that the fail2ban-systemd subpackage is installed. Out of the box, fail2ban won't do anything; you need to tell it what to do.
Edit or create the file /etc/fail2ban/jail.d/99-fail2ban from the CLI
and put this content in it.
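[ssh-iptables]
enabled = true
filter = sshd
# dest is the recipient of ban notifications, sender is the From address
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=firstname.lastname@example.org, sender=email@example.com]
# ban after 2 failed attempts, for 3600 seconds
maxretry = 2
bantime = 3600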
Edit /etc/fail2ban/jail.conf and set the enabled flag to true. By default, everything is off.
In the nano editor, search for every occurrence of enabled = false (Ctrl+W, then Enter, to jump to the next match) and replace false with true.
This will start blocking. This configuration will ban for 1 hour. To finish, do the following.
systemctl enable fail2ban
systemctl start fail2ban
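To see what the blanket enabled = true change in jail.conf switches on together with the jail.d file, the following added example (not part of the original page or of fail2ban itself) merges configuration text in the order given, later text winning, and lists every enabled jail with its effective filter, maxretry and bantime. The sample configurations are constructed, and the function name effective_jails is hypothetical.

```python
import configparser

# Constructed sample inputs (not taken from a real system).
JAIL_CONF = """\
[DEFAULT]
enabled = false
maxretry = 5
bantime = 600

[sshd]
enabled = true
port = ssh

[apache-auth]
enabled = true
port = http,https

[recidive]
bantime = 604800
"""

# The jail from this page, without the mail action to keep the sample short.
JAIL_D_OVERRIDE = """\
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
maxretry = 2
bantime = 3600
"""


def effective_jails(*sources):
    """Merge config texts in the order given (later wins); return enabled jails."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    for text in sources:
        cp.read_string(text)
    report = {}
    for name in cp.sections():
        jail = cp[name]  # lookups fall back to [DEFAULT] automatically
        if name != "INCLUDES" and jail.getboolean("enabled", fallback=False):
            report[name] = {
                "filter": jail.get("filter", name),  # assumed default: jail name
                "maxretry": jail.get("maxretry"),
                "bantime": jail.get("bantime"),
            }
    return report


if __name__ == "__main__":
    for name, opts in effective_jails(JAIL_CONF, JAIL_D_OVERRIDE).items():
        print(f"{name}: {opts}")
```

In this sample, two enabled jails (sshd and ssh-iptables) end up using the same sshd filter with different thresholds, which is the kind of overlap worth checking for after enabling everything in jail.conf.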