First, install Gamin so that Fail2ban can detect modification to the log files:
# pacman -S gamin
Then, install Template:Package Official:
# pacman -S fail2ban
If you want Fail2ban to send an email when someone has been banned, you have to configure SSMTP (for example). You will also have to install Template:Package Official to get some information about the attacker.
# pacman -S whois
Now you can start the
# /etc/rc.d/fail2ban start
You can add it into DAEMONS array in Template:Filename:
DAEMONS=(... fail2ban ...)
Edit Template:Filename and modify the ssh-iptables section to enable it and configure the action.
If your firewall is iptables:
[ssh-iptables] enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, firstname.lastname@example.org, email@example.com] logpath = /var/log/auth.log maxretry = 5
If your firewall is shorewall:
[ssh-shorewall] enabled = true filter = sshd action = shorewall sendmail-whois[name=SSH, firstname.lastname@example.org, email@example.com] logpath = /var/log/auth.log maxretry = 5
Also do not forget to add/change:
in your Template:Filename. Else, password failures are not logged correctly.