If you have ever looked at your log files, you know the attempts to break into your server never seem to stop. To drastically reduce the number of brute-force attacks and other malicious login activity, install Fail2Ban on your Debian / Ubuntu server.

Fail2Ban scans the configured log files and bans the IP addresses whose log entries match the malicious patterns you specify with a filter. The ban is placed in your iptables firewall rule-set (or elsewhere) for a specified length of time, and then removed.

Installing Fail2Ban

apt-get update && apt-get upgrade
apt-get install fail2ban

Configuring Fail2Ban

Some configuration is required to set up fail2ban. By default, the only enabled jail is for port 22 (SSH) in the /etc/fail2ban/jail.conf file. Create a jail.local file in the same directory.

vi /etc/fail2ban/jail.local

All configuration settings should be added to this file; they override the default settings in the jail.conf file. Add the following to enable some of the preconfigured jails from fail2ban.

# Set the non-default options from /etc/fail2ban/jail.conf
# here for your fail2ban configuration.
[DEFAULT]
bantime  = 600
findtime = 600
destemail = youremail@example.com

# Set enabled = false to stop filtering failed ssh login attempts.
[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3

# Set enabled = true to filter smtp failed login attempts.
[sasl]
enabled  = false
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 3

# Set enabled = true if apache is installed.
[apache]
enabled  = false
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache*/*error.log
maxretry = 3

# Set enabled = true if apache is installed.
[apache-noscript]
enabled  = false
port     = http,https
filter   = apache-noscript
logpath  = /var/log/apache*/*error.log
maxretry = 2

# Set enabled = true if apache is installed.
[apache-overflows]
enabled  = false
port     = http,https
filter   = apache-overflows
logpath  = /var/log/apache*/*error.log
maxretry = 2

Starting Fail2Ban

To start the fail2ban service, use the start command.

service fail2ban start

Restarting Fail2Ban

To restart the fail2ban service, use the restart command.

service fail2ban restart

Stopping Fail2Ban

To stop the fail2ban service, use the stop command.

service fail2ban stop

Checking Fail2Ban Status

To check the status of the fail2ban service, use the status command.

service fail2ban status

Notable Resources

Fail2Ban Website – http://www.fail2ban.org/wiki/index.php/Main_Page
How to use fail2ban with other programs and set up some filters – http://www.fail2ban.org/wiki/index.php/HOWTOs

Error Reporting & Article Improvements

Did you spot an error in this article? Do you know a better way to accomplish the task at hand? Please leave a comment below with what you want to share with everyone.
