Do I have thousands of attempts to break into my system in this logwatch log?

3

I am setting up my systems to send reports by e-mail. I am posting a log report (see below). This log shows that there are thousands of intrusion attempts.

Questions:

  1. I have denyhosts and fail2ban installed; why don't they block the IPs?
  2. Is there a way to ban/list the IPs that show up in logs like this one?
  3. What steps can I take against attacks like this?

    NOTE: look at sshd in the log and notice that there are IP addresses with thousands of login attempts.

  4. Why does it say "ignoring max retries"? Can I configure it so that it does not ignore "max retries"?

NOTE: my system is Fedora 20

Sample log

################### Logwatch 7.4.0 (03/01/11) ####################
        Processing Initiated: Tue Sep 16 03:35:07 2014
        Date Range Processed: yesterday
                              ( 2014-Sep-15 )
                              Period is day.
        Detail Level of Output: 0
        Type of Output/Format: mail / text
        Logfiles for Host: Hostname
 ##################################################################

 --------------------- Kernel Begin ------------------------

 WARNING:  Segmentation Faults in these executables
    polkitd :  2 Time(s)

 WARNING:  General Protection Faults in these executables
    traps: polkitd :  6 Time(s)

 WARNING:  Kernel Errors Present
    INFO: recovery required on readonly filesyste ...:  1 Time(s)
    ata2.00: failed to IDENTIFY (I/O error, err_mask=0x100) ...:  14 Time(s)
    ata2.00: failed to IDENTIFY (I/O error, err_mask=0x4) ...:  8 Time(s)
    ata2.00: irq_stat 0x08000000, interface fatal error ...:  10 Time(s)
    ata2: SError: { CommWake DevE ...:  52 Time(s)
    ata2: SError: { LinkSeq } ...:  8 Time(s)
    ata2: SError: { UnrecovData L ...:  2 Time(s)
    res 50/00:03:00:08:00/00:00:00:00:00/a0 Emask 0x10 (ATA bus error) ...:  5 Time(s)

 ---------------------- Kernel End -------------------------


 --------------------- pam_unix Begin ------------------------

 sshd:
    Authentication Failures:
       root (219.138.135.64): 3850 Time(s)
       root (122.225.103.125): 1016 Time(s)
       root (122.225.109.106): 256 Time(s)
       root (122.225.109.205): 194 Time(s)
       root (122.225.109.208): 183 Time(s)
       root (122.225.109.216): 178 Time(s)
       unknown (122.225.109.208): 63 Time(s)
       unknown (122.225.109.106): 57 Time(s)
       unknown (122.225.109.216): 54 Time(s)
       unknown (122.225.109.205): 22 Time(s)
       unknown (113.106.88.235): 14 Time(s)
       bin (113.106.88.235): 1 Time(s)
       nagios (113.106.88.235): 1 Time(s)
       tomcat (113.106.88.235): 1 Time(s)
    Invalid Users:
       Unknown Account: 210 Time(s)
    Unknown Entries:
       service(sshd) ignoring max retries; 6 > 3: 945 Time(s)
       service(sshd) ignoring max retries; 5 > 3: 29 Time(s)
       service(sshd) ignoring max retries; 4 > 3: 6 Time(s)

 su:
    Authentication Failures:
       UserName(1000) -> root: 1 Time(s)
    Sessions Opened:
       UserName -> root: 6 Time(s)

 systemd-user:
    Unknown Entries:
       session opened for user UserName by (uid=0): 1 Time(s)


 ---------------------- pam_unix End -------------------------


 --------------------- Connections (secure-log) Begin ------------------------


 **Unmatched Entries**
    polkitd: <no filename>:0: uncaught exception: Terminating runaway script: 1 Time(s)
    polkitd: Acquired the name org.freedesktop.PolicyKit1 on the system bus: 3 Time(s)
    polkitd: Error evaluating authorization rules: 1 Time(s)
    polkitd: Finished loading, compiling and executing 6 rules: 3 Time(s)
    polkitd: Loading rules from directory /etc/polkit-1/rules.d: 3 Time(s)
    polkitd: Loading rules from directory /usr/share/polkit-1/rules.d: 3 Time(s)
    polkitd: Operator of unix-session:1 successfully authenticated as unix-user:root to gain TEMPORARY authorization for action org.freedesktop.problems.getall for system-bus-name::1.66 [/usr/bin/abrt-applet] (owned by unix-user:UserName): 2 Time(s)
    polkitd: Registered Authentication Agent for unix-session:1 (system bus name :1.70 [/usr/libexec/kde4/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8): 2 Time(s)
    polkitd: Registered Authentication Agent for unix-session:13 (system bus name :1.92 [/usr/libexec/kde4/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8): 2 Time(s)
    polkitd: Terminating runaway script: 1 Time(s)

 ---------------------- Connections (secure-log) End -------------------------


 --------------------- SSHD Begin ------------------------


 Disconnecting after too many authentication failures for user:
    admin : 30 Time(s)
    root : 937 Time(s)

 Failed logins from:
    113.106.88.235: 2 times
    122.225.103.125: 1016 times
    122.225.109.106: 256 times
    122.225.109.205: 194 times
    122.225.109.208: 183 times
    122.225.109.216: 178 times
    219.138.135.64: 3850 times

 Illegal users from:
    undef: 14 times
    113.106.88.235: 15 times
    122.225.109.106: 57 times
    122.225.109.205: 22 times
    122.225.109.208: 63 times
    122.225.109.216: 54 times

 Login attempted when shell does not exist:
    tomcat : 1 Time(s)


 Received disconnect:
    11: Bye Bye [preauth] : 16 Time(s)

 **Unmatched Entries**
 PAM service(sshd) ignoring max retries; 6 > 3 : 945 time(s)
 ecryptfs: pam_sm_authenticate: pam_ecryptfs: Error getting passwd info for user; rc = [0] : 210 time(s)
 PAM service(sshd) ignoring max retries; 4 > 3 : 6 time(s)
 pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "nagios" : 1 time(s)
 PAM service(sshd) ignoring max retries; 5 > 3 : 29 time(s)
 pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "bin" : 1 time(s)
 pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" : 5677 time(s)
 fatal: Write failed: Connection reset by peer [preauth] : 17 time(s)
 pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "tomcat" : 1 time(s)

 ---------------------- SSHD End -------------------------


 --------------------- Sudo (secure-log) Begin ------------------------


 UserName => root
 ----------------
 /bin/yum                       -   2 Time(s).

 ---------------------- Sudo (secure-log) End -------------------------


 --------------------- yum Begin ------------------------


 Packages Installed:
    binutils-2.23.88.0.1-13.fc20.x86_64
    libgomp-4.8.3-1.fc20.x86_64
    perl-Sys-CPU-0.54-5.fc20.x86_64
    VirtualBox-4.3.16-1.fc20.x86_64
    1:make-3.82-19.fc20.x86_64
    glibc-devel-2.18-14.fc20.x86_64
    logwatch-7.4.0-33.20140704svn198.fc20.noarch
    kernel-headers-3.16.2-200.fc20.x86_64
    glibc-headers-2.18-14.fc20.x86_64
    epylog-1.0.7-6.fc20.noarch
    perl-Sys-MemInfo-0.91-8.fc20.x86_64
    akmod-VirtualBox-4.3.16-1.fc20.x86_64
    gcc-4.8.3-1.fc20.x86_64
    dkms-2.2.0.3-25.fc20.noarch
    libgomp-4.8.3-1.fc20.i686
    patch-2.7.1-7.fc20.x86_64

 Packages Erased:
    kmod-VirtualBox-3.15.10-200.fc20.x86_64-4.3.14-1.fc20.6.x86_64
    kmod-VirtualBox-3.16.2-200.fc20.x86_64-4.3.16-1.fc20.x86_64
    kmod-VirtualBox-3.15.10-201.fc20.x86_64-4.3.14-1.fc20.7.x86_64

 ---------------------- yum End -------------------------


 --------------------- Disk Space Begin ------------------------

 Filesystem                                             Size  Used Avail Use% Mounted on
 /dev/mapper/luks-                                      59G   55G  1.3G  98% /
 devtmpfs                                               5.8G     0  5.8G   0% /dev
 /dev/sda2                                              477M  131M  317M  30% /boot
 /dev/sda1                                              200M  9.5M  191M   5% /boot/efi
 /dev/mapper/fedora_Hostname-home                        395G  236G  156G  61% /home

 /dev/mapper/luks- => 98% Used. Warning. Disk Filling up.

 ---------------------- Disk Space End -------------------------


 --------------------- Fortune Begin ------------------------

 One man's brain plus one other will produce one half as many ideas as one
 man would have produced alone.  These two plus two more will produce half
 again as many ideas.  These four plus four more begin to represent a
 creative meeting, and the ratio changes to one quarter as many ...
                -- Anthony Chevins


 ---------------------- Fortune End -------------------------


 --------------------- lm_sensors output Begin ------------------------

 coretemp-isa-0000
 Adapter: ISA adapter
 Physical id 0:  +52.0 C  (high = +100.0 C, crit = +100.0 C)
 Core 0:         +52.0 C  (high = +100.0 C, crit = +100.0 C)
 Core 1:         +51.0 C  (high = +100.0 C, crit = +100.0 C)


 ---------------------- lm_sensors output End -------------------------


 ###################### Logwatch End #########################

EDIT #1

Apparently fail2ban was not running; I thought it was the same as denyhosts, which is configured automatically when installed.

Here is the output of fail2ban-client:

root ~ # fail2ban-client status
ERROR  Unable to contact server. Is it running?
root ~ # systemctl start fail2ban
root ~ # fail2ban-client status sshd
ERROR  NOK: ('sshd',)
Sorry but the jail 'sshd' does not exist
root ~ # fail2ban-client status
Status
|- Number of jail:      0
'- Jail list:
    
by somethingSomething 16.09.2014 / 12:49
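Questions 2 and 3 ask how to list and ban the source addresses that show up with thousands of failures. The script below is an added example, not part of the question and not logwatch's or fail2ban's code: it does by hand what a fail2ban sshd jail does automatically. It parses constructed `/var/log/secure` lines in the format sshd writes on Fedora 20 through rsyslog, counts failures per source address, optionally collapses addresses into /24 networks (the 122.225.109.x hosts in the report above are plainly one actor), and prints the firewalld rich rules that would reject them (Fedora 20 ships firewalld). The sample lines, the thresholds and the function names are assumptions. The `pam_unix(sshd:auth)` line is deliberately not counted: it describes the same attempt as the `Failed password` line before it, which is why the pam_unix and SSHD sections of the report both show 3850 for 219.138.135.64. The `ignoring max retries` lines are passed over rather than counted as extra failures.

```python
"""Tally sshd brute-force attempts from /var/log/secure and emit firewalld bans.

Added example; it is not part of the question, logwatch or fail2ban.  The log
lines below are constructed in the format sshd writes on Fedora 20 via rsyslog.
"""
import ipaddress
import re
import sys
from collections import Counter, defaultdict

# Constructed sample of /var/log/secure (not taken from the question's host).
SAMPLE_SECURE_LOG = """\
Sep 15 03:12:01 Hostname sshd[4101]: Failed password for root from 219.138.135.64 port 43211 ssh2
Sep 15 03:12:03 Hostname sshd[4101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.138.135.64  user=root
Sep 15 03:12:04 Hostname sshd[4101]: Failed password for root from 219.138.135.64 port 43211 ssh2
Sep 15 03:12:06 Hostname sshd[4101]: Failed password for root from 219.138.135.64 port 43211 ssh2
Sep 15 03:12:08 Hostname sshd[4101]: Failed password for root from 219.138.135.64 port 43211 ssh2
Sep 15 03:12:10 Hostname sshd[4101]: Failed password for root from 219.138.135.64 port 43211 ssh2
Sep 15 03:12:12 Hostname sshd[4101]: Failed password for root from 219.138.135.64 port 43211 ssh2
Sep 15 03:12:12 Hostname sshd[4101]: Disconnecting: Too many authentication failures for root [preauth]
Sep 15 03:12:12 Hostname sshd[4101]: PAM service(sshd) ignoring max retries; 6 > 3
Sep 15 03:20:40 Hostname sshd[4188]: Invalid user admin from 122.225.109.208
Sep 15 03:20:42 Hostname sshd[4188]: Failed password for invalid user admin from 122.225.109.208 port 51022 ssh2
Sep 15 03:20:44 Hostname sshd[4188]: Failed password for invalid user admin from 122.225.109.208 port 51022 ssh2
Sep 15 03:21:01 Hostname sshd[4190]: Invalid user oracle from 122.225.109.216
Sep 15 03:21:03 Hostname sshd[4190]: Failed password for invalid user oracle from 122.225.109.216 port 50311 ssh2
Sep 15 03:25:00 Hostname sshd[4201]: Accepted publickey for UserName from 192.0.2.10 port 40000 ssh2
"""

# Only sshd's own failure messages are matched.  The pam_unix(sshd:auth) line
# that follows a "Failed password" line is the same attempt seen from PAM, so
# counting both would double every number (logwatch's pam_unix and SSHD
# sections report the same 3850 for 219.138.135.64 for exactly that reason).
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S*) "
    r"from (?P<ip>" + IPV4 + r") port \d+ ssh2")
# sshd logs an empty user name when the client sent one, hence \S* not \S+.
INVALID_RE = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<ip>" + IPV4 + r")")


def parse_line(line):
    """Return (kind, user, ip) for an sshd failure line, or None for anything else."""
    m = FAILED_RE.search(line)
    if m:
        return ("failed", m.group("user") or "<empty>", m.group("ip"))
    m = INVALID_RE.search(line)
    if m:
        return ("invalid", m.group("user") or "<empty>", m.group("ip"))
    return None


def aggregate(lines):
    """Count failures per source IP, and per user name within each IP."""
    per_ip = Counter()
    users = defaultdict(Counter)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        _kind, user, ip = ev
        per_ip[ip] += 1
        users[ip][user] += 1
    return per_ip, users


def ban_candidates(per_ip, maxretry=6, prefix=32):
    """Sources whose combined failure count reaches maxretry, as CIDR strings.

    prefix=24 folds the 122.225.109.x hosts into one network and applies the
    threshold to the network's total, which catches an attacker who spreads
    the attempts over several addresses.
    """
    nets = Counter()
    for ip, n in per_ip.items():
        nets[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += n
    return [str(net) for net in sorted(nets) if nets[net] >= maxretry]


def firewalld_rule(source):
    """firewalld rich rule rejecting a host or network (permanent; reload after)."""
    return ("firewall-cmd --permanent --add-rich-rule="
            "'rule family=\"ipv4\" source address=\"%s\" reject'" % source)


if __name__ == "__main__":
    # usage: tally_sshd.py [/var/log/secure] [maxretry] [prefix]
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_SECURE_LOG.splitlines()
    maxretry = int(sys.argv[2]) if len(sys.argv) > 2 else 6
    prefix = int(sys.argv[3]) if len(sys.argv) > 3 else 32
    counts, by_user = aggregate(lines)
    for ip, n in counts.most_common():
        print(f"{ip:16} {n:6}  {dict(by_user[ip])}")
    for src in ban_candidates(counts, maxretry, prefix):
        print(firewalld_rule(src))
    print("firewall-cmd --reload")
```

Run it against the real file with `python3 tally_sshd.py /var/log/secure 6 24` to get the per-/24 view; the printed `firewall-cmd` lines are the manual equivalent of what fail2ban's `firewallcmd-*` actions execute for you. A manual list like this is a stop-gap for a report you already have; the jail in the answer below is what keeps doing it while you are not looking.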

1 answer

3

I will try to answer question 3 specifically here, since it looks like you have found the fail2ban configuration part that answers questions 1 and 2. If you want to tighten security on SSH, I recommend the following.

  1. Make sure strict mode is set to true
  2. Disable root logins
  3. Change your SSH port
  4. Disable password logins
  5. Use port knocking

To answer your edit, you will need to create an ssh configuration in /etc/fail2ban/filter.d/ssh.conf and paste the following ...

# A jail section like this is read from /etc/fail2ban/jail.local (or a file
# under jail.d/); filter.d/ only holds the regex definitions that the line
# "filter = sshd" points at (filter.d/sshd.conf, shipped with fail2ban).
[ssh]

enabled  = true
port     = ssh
filter   = sshd
# Fedora writes sshd's messages to /var/log/secure via rsyslog;
# /var/log/auth.log is the Debian/Ubuntu path and does not exist on Fedora 20,
# so pointing the jail at it means it never sees a single attempt.
logpath  = /var/log/secure
maxretry = 6

If you have already changed your port, I suggest you set the port number here. Restart fail2ban and test.

    
by 16.09.2014 / 15:51
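The hardening points in the answer, as an added example that is not the answerer's script: a bash script for Fedora 20 that sets the sshd_config directives behind points 1, 2 and 4, lowers MaxAuthTries from sshd's default of 6 (the report's `ignoring max retries` lines never show a first number above 6), changes the port only when one is given (point 3, with the SELinux and firewalld steps a non-standard port needs on Fedora), and writes a fail2ban jail.local with Fedora's log path. Port knocking (point 5) is not covered. The function names, the `harden-sshd` marker text, and the `firewallcmd-ipset` ban action (the firewalld action under fail2ban 0.9's action.d, assumed to be installed) are assumptions. Every function takes the file it edits as an argument so the logic can be tried on a scratch copy first; the real run is gated behind `HARDEN_APPLY=1`.

```shell
#!/bin/bash
# Added example (not the answerer's script): harden sshd_config and enable a
# fail2ban sshd jail on Fedora 20.  Every function takes the file it edits as
# an argument, so it can be tried on a scratch copy before touching /etc.
set -eu

# get_sshd_option FILE KEY -> the value sshd would use: the first active
# occurrence before any Match block (sshd_config: first value read wins).
get_sshd_option() {
    awk -v k="$2" '$1 == "Match" { exit } $1 == k { print $2; exit }' "$1"
}

# set_sshd_option FILE KEY VALUE
# Puts the directive at the top of the file so it is the first value read and
# comments out existing top-level copies.  Indented copies (the convention
# inside Match blocks) are left alone: a global edit must not rewrite a Match
# block.  Re-running with the same value is a no-op.
set_sshd_option() {
    local file=$1 key=$2 value=$3 tmp
    if [ "$(get_sshd_option "$file" "$key")" = "$value" ]; then
        return 0
    fi
    tmp=$(mktemp)
    {
        printf '%s %s\n' "$key" "$value"
        sed -E "s/^(${key}[[:space:]].*)$/# replaced by harden-sshd: \1/" "$file"
    } > "$tmp"
    mv "$tmp" "$file"
}

# harden_sshd_config FILE [PORT]
# Points 1, 2 and 4 of the answer, plus MaxAuthTries lowered from the default 6
# so one connection cannot burn six guesses.  The port changes only when given.
harden_sshd_config() {
    local file=$1
    set_sshd_option "$file" StrictModes yes
    set_sshd_option "$file" PermitRootLogin no
    set_sshd_option "$file" PasswordAuthentication no
    # keyboard-interactive goes through PAM and would still prompt for a password
    set_sshd_option "$file" ChallengeResponseAuthentication no
    set_sshd_option "$file" MaxAuthTries 3
    if [ $# -ge 2 ]; then
        set_sshd_option "$file" Port "$2"
    fi
}

# write_fail2ban_jail FILE [PORT]
# fail2ban 0.9 as packaged for Fedora: the stock jail is [sshd], sshd logs to
# /var/log/secure (auth.log is Debian's path), and bans go through firewalld
# via the firewallcmd-ipset action (assumed present under action.d).
write_fail2ban_jail() {
    local file=$1 port=${2:-ssh}
    cat > "$file" <<EOF
[DEFAULT]
bantime   = 3600
findtime  = 600
maxretry  = 3
banaction = firewallcmd-ipset

[sshd]
enabled = true
port    = $port
logpath = /var/log/secure
EOF
}

# Real run (as root): HARDEN_APPLY=1 ./harden-sshd.sh [port]
if [ "${HARDEN_APPLY:-0}" = 1 ]; then
    port=${1:-}
    cp -p /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +%F).bak"
    harden_sshd_config /etc/ssh/sshd_config ${port:+"$port"}
    write_fail2ban_jail /etc/fail2ban/jail.local ${port:+"$port"}
    if [ -n "$port" ]; then
        # a non-default port must be allowed by SELinux and firewalld as well
        semanage port -a -t ssh_port_t -p tcp "$port" ||
            semanage port -m -t ssh_port_t -p tcp "$port"
        firewall-cmd --permanent --add-port="$port/tcp"
        firewall-cmd --reload
    fi
    sshd -t                        # never restart on a config sshd rejects
    systemctl enable fail2ban
    systemctl restart sshd fail2ban
    fail2ban-client status sshd
fi
```

Before applying, put your public key in `~/.ssh/authorized_keys` and confirm a key login works from a second session: once `PasswordAuthentication no` is in effect, a lost key is a lost box. `sshd -t` runs before the restart so a typo cannot take the daemon down, and after the restart `fail2ban-client status sshd` should report the jail with the log file found, which is the check the question's EDIT #1 was missing.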