
How to install Fail2ban on Linux to protect against brute force attacks


Fail2ban is open-source intrusion prevention software that can be used to protect your server from brute-force attacks.

It does this by scanning log files and banning IP addresses that exhibit malicious behavior, such as repeated failed login attempts.

Fail2ban is an excellent way to add another layer of security to your server; however, it is not a substitute for strong passwords and other security measures such as firewalls.


Here are the steps to install Fail2ban:

  1. Update your package manager:


  2. Install Fail2ban using the package manager:


  3. Configure Fail2ban:

    Fail2ban's configuration file is located at /etc/fail2ban/jail.conf. Before making any changes to this file, it's a good idea to create a backup of the original configuration file.



    Edit the /etc/fail2ban/jail.local file and configure the services you want to protect from brute-force attacks. Here is an example configuration for the SSH service:



    This configuration will monitor the SSH log file located at /var/log/auth.log and ban any IP address after three failed login attempts.

  4. Start the Fail2ban service:


    You can check the status of the Fail2ban service using the following command:


    If the service is running correctly, you should see a message that says "active (running)."

Fail2ban will now monitor your log files and ban any IP addresses that exhibit malicious behavior. You can view the banned IP addresses using the following command:


You can also unban an IP address using the following command:



© Rackzar