I recall others on this list are using fail2ban to block brute force login attempts. Packages are from the EPEL repo, so I'm just sharing some knowledge here.
For about two months now I've had a CentOS 6.3 box (web host) in production that occasionally is ftp brute forced. Oddly enough fail2ban wasn't nabbing the perpetrators. I found that the iptables chain for VSFTP isn't created for one.
I have finally come to find [0] that indicates there's a problem with the inotify backend. Setting backend=gamin in /etc/fail2ban/jail.conf gives me the iptables chain I expect to find and one blocked host.
Hope this is helpful to somebody until a new version is commited to EPEL.
<quote> yarikoptic: ok -- that point was not yet good ;) now (0.8.6-95-gc0c1232) that branch seems to work just perfect. If I hear no complaints or do not see problem with my instance -- I will merge it into master tomorrow, thus closing this issue </quote>
[0] https://github.com/fail2ban/fail2ban/issues/44
---~~.~~--- Mike // SilverTip257 //