fail2ban content

xml/security_ssh.xml

@@ -1802,4 +1802,25 @@ cd path                            Change remote directory to 'path'
    </varlistentry>
   </variablelist>
  </sect1>
+ <sect1 xml:id="sec-security-ssh-fail2ban">
+  <title>Stopping SSH Brute Force Attacks with Fail2Ban</title>
+  <para> An SSH brute force attack involves repeat trials of username and
+    password combinations until the attacker gains access to the remote server.
+    The attacker uses automated tools that tests various username and password combinations
+    effectively to compromise a server.
+ </para>
+ <para>You can use <emphasis>Fail2Ban</emphasis>software to limit intrusion attempts.
+  <emphasis>Fail2Ban</emphasis> scans the system logs to detect failed connections
+  and trigger an action, such as blocking the IP at the firewall level.
+<emphasis>Fail2Ban</emphasis>is used only to protect services that require a username and password authentication.</para>
+  <sect2 xml:id="sec-ssh-what-fail2ban" >
+  <title>What is <emphasis>Fail2Ban</emphasis>?</title>
+  <para><emphasis>Fail2Ban</emphasis> scans the log files in <filename>/var/log/apache/error_log</filename>
+    and bans the IPs that indicate malicious signs, such as too many password attempts etc.
+    You can then use <emphasis>Fail2Ban</emphasis> update firewall rules to reject the IP addresses
+    for a specified amount of time.</para>
+    <para><emphasis>Fail2Ban</emphasis>comes with filters for various services, such as Apache,SSH,Courier etc.
+    You can use <emphasis>Fail2Ban</emphasis> to minimize the rate of incorrect authentications attempts.</para>
+  </sect2>
+   </sect1>
 </chapter>