Penguin Crumbs

Notes and tips from a Linux user

home about this blog
search:  

Secure your server with fail2ban

Let’s say that you have a public Linux server on the internet and that it is technically possible for everyone to connect to it using ssh. In this scenario, it is probably appropriate to protect it from who tries to guess the password obsessively making an impressive number of repeated attempts.
(Yes, I know that you are thinking that if the ssh key is present on the client side, then typing in the password is no longer a problem; anyway I do not like this way of using ssh, since I don’t want to worry if I lose my smartphone or my notebook.)

Well, in brief fail2ban is an intrusion prevention software against brute-force attacks, written in the Python, that scans your logs and bans evil IPs using iptables. Here is a 5-minute installation and configuration guide for Ubuntu and derivative distros.

Installation:

 apt install iptables  # maybe it's installed yet
 apt install fail2ban

The configuration directory is

 /etc/fail2ban/

Do not edit the file jail.conf; just create a new file named jail.local and put the follownig content in it:

 [ssh]
 enabled = true
 port = ssh
 filter = sshd
 logpath = /var/log/auth.log
 maxretry = 3
 bantime = 900
 ignoreip = 192.168.1.2
where

And now restart the service using

 systemctl restart fail2ban

Now you can try to login with the wrong password and your ssh client IP will be blocked!!! You can monitor the status of the bans with some commands:

 systemctl status fail2ban # prints the service process status
 fail2ban-client status ssh # prints info about banned IPs
 iptables -L # alternative way to print info about banned IPs
 fail2ban-client set ssh unbanip xxx.xxx.xxx.xxx # unbans one IP

Usually the log configured in fail2ban.conf is /var/log/fail2ban.log, so using grep you can view some info about how fail2ban has been working:

 grep Ban /var/log/fail2ban.log
 grep Unban /var/log/fail2ban.log
 
 
Posted on 2019-05-23  
 
⇦  back
 
__________________
 
Copyright © 2019 Marcello Zaniboni