Thursday, July 18, 2013

Securing SSH Server with fail2ban and Email Notification

I use fail2ban to secure my SSH server, using the following guide

https://help.ubuntu.com/community/Fail2ban

this helps me to ban the IP address and notify me by email of the failed attempt
and I use the following script to notify me by email of the successful login

edit or create /etc/sshd/sshrc

DATE=`date "+%d.%m.%Y--%Hh%Mm"`
IP=`echo $SSH_CONNECTION | awk '{print $1}'`
REVERSE=`dig -x $IP +short`
echo "Subject: SSH Login Successfully" > /tmp/mail.content
echo "$DATE, user $USER just logged in from $IP ($REVERSE)" >> /tmp/mail.content 
sendmail -f "MyBox <fromemail@domain.tld>" -t "Lau, Laurence <me@domain.tld>" -s smtprelay.domain.tld < /tmp/mail.content &