How to Secure Your Linux Server with Fail2Ban

Fail2Ban is a crucial security tool for Linux servers, designed to protect your system from brute-force attacks. By monitoring log files and banning IP addresses that show signs of malicious activity, Fail2Ban helps to prevent unauthorized access and potential security breaches. This article will guide you through the process of installing, configuring, and running Fail2Ban on a Linux server.

Fail2Ban works by scanning log files (e.g., /var/log/auth.log, /var/log/apache2/error.log) and banning IP addresses that produce too many password failures or probe for exploits. It updates firewall rules to reject connections from those IP addresses for a specified amount of time, thus preventing further attempts.

Examples:

  1. Installing Fail2Ban

    To install Fail2Ban on a Debian-based system, use the following command:

    sudo apt-get update
    sudo apt-get install fail2ban

    For Red Hat-based systems, use:

    sudo yum install epel-release
    sudo yum install fail2ban

  2. Basic Configuration

    The main configuration file for Fail2Ban is located at /etc/fail2ban/jail.conf. However, it is recommended to create a local copy to avoid losing changes during updates:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

    Open the jail.local file for editing:

    sudo nano /etc/fail2ban/jail.local

    Enable the SSH jail by modifying the following lines:

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 5

  3. Starting and Enabling Fail2Ban

    Start the Fail2Ban service:

    sudo systemctl start fail2ban

    Enable Fail2Ban to start on boot:

    sudo systemctl enable fail2ban

  4. Monitoring Fail2Ban

    To check the status of Fail2Ban and see which IPs are currently banned, use:

    sudo fail2ban-client status
    sudo fail2ban-client status sshd

  5. Unbanning an IP Address

    If you need to unban an IP address, use the following command:

    sudo fail2ban-client set sshd unbanip <IP_ADDRESS>

  6. Custom Filters

    You can create custom filters by adding new filter files in /etc/fail2ban/filter.d/. For example, to create a custom filter for Apache, create a file named apache-auth.conf:

    sudo nano /etc/fail2ban/filter.d/apache-auth.conf

    Add the following content:

    [Definition]
    failregex = ^<HOST> -.*"GET /wp-login\.php
    ignoreregex =

    Then, add the jail configuration in jail.local:

    [apache-auth]
    enabled = true
    filter = apache-auth
    action = iptables[name=apache-auth, port=http, protocol=tcp]
    logpath = /var/log/apache2/access.log
    maxretry = 3

    Restart Fail2Ban to apply changes:

    sudo systemctl restart fail2ban
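
Before restarting with a new filter, it helps to see which log lines it would count and when a host would cross maxretry. The following is an added example, not code from this article or from Fail2Ban itself: it approximates the matching and counting for the wp-login filter above. Assumptions: the function name hosts_to_ban is hypothetical, the log lines are constructed, <HOST> is replaced by a simplified IPv4-only pattern, and findtime is taken as 600 seconds (Fail2Ban's default of 10m).

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FAILREGEX = r'^<HOST> -.*"GET /wp-login\.php'  # filter from the article
MAXRETRY = 3      # jail value from the article
FINDTIME = 600    # seconds; assumed, Fail2Ban's default findtime is 10m

# Simplified stand-in for Fail2Ban's <HOST> tag (IPv4 only, an assumption).
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
TS = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]')

# Constructed Apache access-log lines using documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
203.0.113.5 - - [10/Mar/2025:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
198.51.100.7 - - [10/Mar/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.5 - - [10/Mar/2025:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
192.0.2.9 - - [10/Mar/2025:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
192.0.2.9 - - [10/Mar/2025:10:20:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
192.0.2.9 - - [10/Mar/2025:10:40:00 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
"""

def hosts_to_ban(log_text, failregex=FAILREGEX, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts, in ban order, that reach maxretry matches within findtime."""
    pattern = re.compile(failregex.replace('<HOST>', HOST))
    recent = defaultdict(deque)  # host -> timestamps of matches still in the window
    banned = []
    for line in log_text.splitlines():
        match, stamp = pattern.search(line), TS.search(line)
        if not (match and stamp):
            continue  # line is not a failure for this filter
        host = match.group('host')
        when = datetime.strptime(stamp.group(1), '%d/%b/%Y:%H:%M:%S')
        hits = recent[host]
        hits.append(when)
        # Drop matches that have aged out of the sliding findtime window.
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE_LOG))
```

On a server with Fail2Ban installed, the filter itself can be checked against the real log with fail2ban-regex, passing the log path and the filter file as arguments.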
