Fail2ban

Fail2ban is used to block IP addresses. The technology is simple: it scans the logs (for example /var/log/apache/error_log) and bans IPs that show malicious signs, for example exceeding the maximum number of login attempts.

The settings define how many access attempts can be made within a specified period of time, and how long a ban lasts.


Installation

sudo apt install fail2ban

Start the daemon and enable it to start automatically on every boot:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Setting

All ban parameters are set in the configuration file jail.conf, which is located at /etc/fail2ban/jail.conf

By default, after installation, we have the following settings for banning via SSH:

[DEFAULT]
ignorecommand =
bantime = 10m
findtime = 10m
maxretry = 5

Where:

bantime - [min] how long an IP is banned.
findtime - [min] the time interval during which you can try to log in to the server "maxretry" times.
maxretry - [times] the allowed number of login attempts per "findtime" time interval.
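How the three parameters interact, as an added example that is not part of the original page and is not Fail2ban's own code: a simplified Python model of the counting logic, run over constructed log lines. The log format, the function name `simulate` and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (simplified timestamp format, documentation-range IPs).
SAMPLE_LOG = "\n".join(
    # six failures in 25 seconds from one address
    [f"2024-05-01 10:00:{s:02d} sshd[811]: Failed password for root "
     f"from 203.0.113.7 port 40022 ssh2" for s in (0, 5, 10, 15, 20, 25)]
    # five failures spread over 12 minutes from another address
    + [f"2024-05-01 10:{m:02d}:00 sshd[902]: Failed password for invalid user admin "
       f"from 198.51.100.9 port 51515 ssh2" for m in (0, 3, 6, 9, 12)]
    # a successful login, which must not count as a failure
    + ["2024-05-01 10:13:00 sshd[950]: Accepted publickey for deploy "
       "from 192.0.2.10 port 50000 ssh2"]
)

FAILED = re.compile(
    r"^(\S+ \S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) ")

def simulate(log_text, maxretry=5, findtime=timedelta(minutes=10),
             bantime=timedelta(minutes=10)):
    """Return [(ip, banned_at, unbanned_at)] for the given log text."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> end of the current ban
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, ts) > ts:
            continue                # banned: the firewall would drop this attempt
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()        # failures older than findtime expire
        if len(window) >= maxretry: # model assumption: ban on the maxretry-th failure
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With the default values only the first address is banned; widening findtime to 15 minutes catches the second as well.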

If you decide to change the settings, then open the editor:

After changing the parameters, restart the service:

Debugging

If an error occurs because Fail2ban does not find a log file in which to write logs:

then we could solve this problem like this:

Done! 🎉 You have protected your server from password and user guessing attacks.

With Fail2ban, you can protect not only SSH, but also apache, courier, etc. Read more.