frame
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Sign In RegisterHowdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Categories
- 495 All Categories
- 312 General
- 144 General Discussions
- 67 Feature Request/Bug Report
- 56 Sales Questions and Answers
- 16 Time4VPS Life
- 13 Help requests
- 15 Server management
- 220 Tutorials
- 51 Various Tutorials
- 40 Web hosting control panels
- 40 Performance and Security
- 25 Web Applications
- 44 Linux Applications
- 20 Windows VPS
[For Ubuntu/Debian] Installing "Fail2ban" for protection from brute-force attacks
Lawrence
Member
Introduction
"Fail2ban" checks your server logs to look for patterns that resemble an attack on your servers and services. If your servers are under an active attack, "Fail2ban" bans the IP addresses that these attacks are originating from.
An active attack could be repeated fail attempts to sign onto your servers using SSH protocol with a combination of different users and passwords. These are commonly known as brute force attacks.
When you’re ready to install "Fail2ban" on Ubuntu 16.04, continue below. The steps below will get you started.
Installing
To install the tool on Ubuntu/Debian, run these commands:
After installing the tool, its default configuration file should be installed at this location:
This is the file you’ll need to edit to suite your environments.
Many of the services that are needed to be protected are in the file already under their own sections configured and disabled. You must individually set each of the services that are running on your servers.
Configuring (Optional)
To open the file and begin configuring it, run these commands:
By default, the SSH protocol is enabled and protected. Without further changes, anyone trying to brute force their way into your server will automatically be banned or locked out after 6 tries. "Fail2ban" protects the default protocol ports. If your configure services on your server to use a non-standard port, then you must specify the new port number for the service.
For example, if you change your ssh port number from the default 22 to 2222, you must define it in the configuration.
To enable and protect a service that is running on your server, scroll down to the service section and change the value for Enabled to true.
Legend for configurations
Enabled - simply means that the server is enabled for monitoring by "fail2ban".
Port - is the port number of the service to monitor. By default, "fail2ban" monitors standard ports, so if you changed the port for a service to something other than the standard, you must specify it.
Filter - refers to the rules and strings that "fail2ban" uses to spot an attack against a particular service.
Logpath - refers to the log location that "fail2ban" tracks.. by default it’s the auth.log file. If that’s changed for you OS, you must specify it there too.
Conclusion
You should now be able to configure some basic banning policies for your services. "Fail2ban" is very easy to set up, and is a great way to protect any kind of service that uses authentication.
"Fail2ban" checks your server logs to look for patterns that resemble an attack on your servers and services. If your servers are under an active attack, "Fail2ban" bans the IP addresses that these attacks are originating from.
An active attack could be repeated fail attempts to sign onto your servers using SSH protocol with a combination of different users and passwords. These are commonly known as brute force attacks.
When you’re ready to install "Fail2ban" on Ubuntu 16.04, continue below. The steps below will get you started.
Installing
To install the tool on Ubuntu/Debian, run these commands:
sudo apt-get updatesudo apt-get install fail2ban -yAfter installing the tool, its default configuration file should be installed at this location:
/etc/fail2ban/jail.conf This is the file you’ll need to edit to suite your environments.
Many of the services that are needed to be protected are in the file already under their own sections configured and disabled. You must individually set each of the services that are running on your servers.
Configuring (Optional)
To open the file and begin configuring it, run these commands:
sudo apt-get install nanosudo nano /etc/fail2ban/jail.confBy default, the SSH protocol is enabled and protected. Without further changes, anyone trying to brute force their way into your server will automatically be banned or locked out after 6 tries. "Fail2ban" protects the default protocol ports. If your configure services on your server to use a non-standard port, then you must specify the new port number for the service.
For example, if you change your ssh port number from the default 22 to 2222, you must define it in the configuration.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6To enable and protect a service that is running on your server, scroll down to the service section and change the value for Enabled to true.
Legend for configurations
Enabled - simply means that the server is enabled for monitoring by "fail2ban".
Port - is the port number of the service to monitor. By default, "fail2ban" monitors standard ports, so if you changed the port for a service to something other than the standard, you must specify it.
Filter - refers to the rules and strings that "fail2ban" uses to spot an attack against a particular service.
Logpath - refers to the log location that "fail2ban" tracks.. by default it’s the auth.log file. If that’s changed for you OS, you must specify it there too.
Conclusion
You should now be able to configure some basic banning policies for your services. "Fail2ban" is very easy to set up, and is a great way to protect any kind of service that uses authentication.
foot
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!
© 2013 - 2024 Time4VPS. All rights reserved.