What is Fail2Ban


A permanently connected server is a natural target for external attacks. Although a firewall reduces the risk of attacks, to control repeated unsuccessful connection requests against password-protected access we use Fail2Ban, which is highly effective against brute-force attacks. Fail2ban is a tool that bans IPs that try to log in over SSH with the wrong username or password. When we talk about hosting security, the question any server administrator should ask is not whether someone will try to attack the server, but when. If you are ready for an attack, you can save your sites from a potential compromise.

An effective intrusion prevention tool designed specifically for dedicated servers and VPS is Fail2Ban.

To install Fail2Ban on a Red Hat Enterprise Linux or CentOS operating system, you will need to add a third-party repository, such as RPMForge or EPEL, because the software is not included in the default repository of these Linux distributions. Once you have done this, you can run the yum command to install Fail2Ban:

    # yum install fail2ban

After installation, there are a few basic settings that you should check. You can find the configuration file in /etc/fail2ban/jail.conf. Here are some useful configuration options:

1. ignoreip: The whitelist of IP addresses that should not be blocked. At a minimum, add your own IP addresses.

2. bantime: This is the time that a suspected IP address stays banned (in seconds). The default value is 600 seconds.

3. maxretry: The maximum number of login attempts before an IP is banned.

4. findtime: After a host attempts to log in, findtime is the length of time for which maxretry is applied. If maxretry is “3” and findtime is “600”, a user who has 3 unsuccessful login attempts in a 10 minute window will be banned.
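How the four options interact, as an added example that is not part of the original article and is not Fail2Ban's own code: a simplified Python model of the ban decision, run over constructed sshd log lines. The regular expression, the sample log and the whitelist entries are assumptions made for illustration; the numbers are the ones used above.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Option names from jail.conf; the numbers are the ones used in the text above.
IGNOREIP = ["127.0.0.1/8", "203.0.113.10"]  # constructed whitelist
BANTIME, FINDTIME, MAXRETRY = 600, 600, 3   # seconds, seconds, attempts

# Constructed sshd log lines using documentation address ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 srv1 sshd[811]: Failed password for root from 198.51.100.7 port 40100 ssh2
2024-05-01T10:00:30 srv1 sshd[812]: Failed password for admin from 192.0.2.44 port 51000 ssh2
2024-05-01T10:01:00 srv1 sshd[813]: Failed password for root from 203.0.113.10 port 52000 ssh2
2024-05-01T10:01:05 srv1 sshd[814]: Failed password for root from 203.0.113.10 port 52001 ssh2
2024-05-01T10:01:10 srv1 sshd[815]: Failed password for root from 203.0.113.10 port 52002 ssh2
2024-05-01T10:03:00 srv1 sshd[816]: Failed password for invalid user test from 198.51.100.7 port 40101 ssh2
2024-05-01T10:06:00 srv1 sshd[817]: Failed password for admin from 192.0.2.44 port 51001 ssh2
2024-05-01T10:08:00 srv1 sshd[819]: Failed password for root from 198.51.100.7 port 40102 ssh2
2024-05-01T10:11:00 srv1 sshd[820]: Failed password for admin from 192.0.2.44 port 51002 ssh2
"""

# Illustrative pattern, not the filter shipped with Fail2Ban.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def is_ignored(ip):
    """True when ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def find_bans(log_text):
    """Return (ip, banned_at, unbanned_at) for each ban the settings produce."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the ban is lifted
    bans = []
    for line in log_text.splitlines():
        if not (m := FAILED.match(line)):
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if is_ignored(ip) or ts < banned_until.get(ip, ts):
            continue
        window = failures[ip]
        window.append(ts)
        # Forget failures that are older than findtime relative to this one.
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts.isoformat(), banned_until[ip].isoformat()))
            window.clear()
    return bans
```

Only 198.51.100.7 is banned: 192.0.2.44 also fails three times, but its attempts span more than findtime, and 203.0.113.10 is covered by ignoreip.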

Fail2Ban will not eliminate all security issues, but at least it can help prevent unauthorized login attempts on a dedicated server or VPS. The fail2ban service has many other possible configurations, including e-mail configurations. If you want to configure email alerts, you can change the value from action_ to action_mw. If you want the email to include the relevant log lines, you can change it to action_mwl. You will need to make sure you have the appropriate email settings configured if you choose to use email alerts:

    action = %(action_)s

This parameter sets the action that Fail2ban takes when it wants to set a ban. The action_ value is defined in the file shortly before this parameter. The default action is to simply set up the firewall to reject traffic from the hostile host until the ban expires.

You should verify that a service like Fail2ban works as it was set up. Start by using systemctl to check the status of the service.

You will now be able to configure some basic ban policies for your services. Fail2Ban is very easy to set up and is a good way to protect any type of service that uses authentication.

About the author

Ilias spiros