
Setting Up Fail2Ban for Basic Server Security
Fail2Ban is an open-source intrusion prevention tool that helps protect your server from unauthorized access by monitoring log files and banning IP addresses that show signs of malicious activity. This tutorial walks you through installing and configuring Fail2Ban to improve the security of your server.
Prerequisites
- A Linux server with terminal access.
- Root or sudo privileges to install and configure Fail2Ban.
1. Installing Fail2Ban
To install Fail2Ban, open your terminal and run the following commands based on your Linux distribution:
- For Ubuntu/Debian:
sudo apt update
sudo apt install fail2ban -y
- For CentOS/RHEL:
sudo yum install epel-release
sudo yum install fail2ban -y
- For Fedora:
sudo dnf install fail2ban -y
2. Starting and Enabling Fail2Ban
After the installation, start the Fail2Ban service and enable it to start at boot:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
3. Configuring Fail2Ban
The main configuration file for Fail2Ban is located at /etc/fail2ban/jail.conf. However, it is recommended to keep your local configuration in a separate file, jail.local, so that package updates do not overwrite your changes; settings in jail.local take precedence over those in jail.conf:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the local configuration file in a text editor:
sudo nano /etc/fail2ban/jail.local
Within this file, you can configure jails, each of which defines a service to protect (such as SSH or HTTP).
4. Configuring the SSH Jail
To set up protection for SSH, locate the section for the SSH jail in the jail.local file. Uncomment and modify the following lines as necessary:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
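This configuration means that if there are more than 5 failed login attempts, the IP will be banned for one hour (3600 seconds). The logpath shown is where Debian and Ubuntu write SSH authentication messages; on CentOS/RHEL these messages are written to /var/log/secure instead, so adjust logpath to match your distribution.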
5. Restarting Fail2Ban
After making changes to the configuration file, restart the Fail2Ban service to apply the new settings:
sudo systemctl restart fail2ban
6. Checking Fail2Ban Status
To verify that Fail2Ban is running and check the status of jails, use:
sudo systemctl status fail2ban
For more detailed information, including which IPs have been banned, use:
sudo fail2ban-client status
And to see specific jail information (e.g., SSH):
sudo fail2ban-client status sshd
7. Whitelisting IP Addresses
If you need to whitelist certain IP addresses (prevent them from being banned), add them in the jail.local file under the respective jail section:
ignoreip = 127.0.0.1/8 YOUR_WHITELISTED_IP
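To see how the maxretry setting from step 4 and the ignoreip setting above interact, the following added example (not part of Fail2Ban and not from the original tutorial) approximates the sshd jail's decision over a constructed log sample. The function names would_ban and sample_log are hypothetical; the script counts only "Failed password" lines, treats all lines as falling inside one findtime window, and matches ignoreip entries as exact addresses without CIDR handling.

```shell
#!/bin/sh
# Added illustration: approximates the [sshd] jail decision on sample log lines.
# Assumptions: only "Failed password" lines count (the real sshd filter matches
# more patterns), all lines fall inside one findtime window, and ignoreip
# entries are compared as exact addresses (no CIDR ranges).

# Constructed sample in /var/log/auth.log format (documentation addresses).
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 10:00:03 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 10:00:05 web1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 10:00:06 web1 sshd[815]: Failed password for deploy from 198.51.100.20 port 51514 ssh2
Jan 10 10:00:08 web1 sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Jan 10 10:00:09 web1 sshd[815]: Failed password for deploy from 198.51.100.20 port 51514 ssh2
Jan 10 10:00:11 web1 sshd[819]: Failed password for root from 203.0.113.7 port 40138 ssh2
Jan 10 10:00:12 web1 sshd[817]: Accepted password for deploy from 198.51.100.20 port 51520 ssh2
Jan 10 10:00:14 web1 sshd[819]: Failed password for root from 203.0.113.7 port 40138 ssh2
EOF
}

# would_ban MAXRETRY "IGNOREIP LIST" < logfile
# Prints, sorted, each source address whose failure count reaches MAXRETRY.
would_ban() {
  awk -v max="$1" -v ignore="$2" '
    BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    / sshd\[[0-9]+\]: Failed password for / {
      # Line ends "... from IP port N ssh2"; counting fields from the end
      # keeps the parse independent of what the user name contains.
      ip = $(NF - 3)
      if (!(ip in skip)) fails[ip]++
    }
    END { for (ip in fails) if (fails[ip] >= max) print ip }
  ' | sort
}

# With maxretry = 5, only the address with six failures is listed.
sample_log | would_ban 5 "127.0.0.1"
```

To check the real sshd filter against your own log rather than this approximation, Fail2Ban ships the fail2ban-regex tool, which takes a log file and a filter file as arguments.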
8. Conclusion
By installing and configuring Fail2Ban, you’ve taken a significant step towards enhancing the security of your Linux server. Fail2Ban helps reduce unauthorized access attempts by automatically banning IP addresses showing malicious behavior. Regularly monitor your Fail2Ban logs to ensure optimal security.