How to Prevent Brute-Force Attacks on Linux Using Fail2ban

SSH and FTP are two of the most exploited network protocols. Hackers utilize complex automated tools to guess your username and password and then break into your system.

With good security practices in place, you can mitigate most of the security risks. And with Fail2ban, you can further reduce the risk of security breaches by being proactive in securing your Linux servers or PCs.


What Is Fail2ban?

Fail2ban is a powerful open-source security tool that dynamically protects your servers or PCs from suspicious activities and brute-force attacks. It continuously scans your log files for login attempts and, when it detects suspicious ones, blocks the source IP address by updating your firewall rules.

Fail2ban works with most remote connection services such as SSH, FTP, SMTP, and HTTP.


Fail2ban is easy to configure and customize. You can specify how long you want to block the IP addresses, or configure it to send automated alerts when there is suspicious activity.

To emphasize, Fail2ban alone is not enough to protect you from security breaches. You should also have other security measures in place to reduce the risk of being hacked. For example, you should always use strong passwords on your systems and restrict access as much as you can.


How to Install Fail2ban on Linux

Most of the major Linux distros including Red Hat Enterprise Linux (RHEL), Ubuntu, and Arch Linux support Fail2ban. Here’s how to install Fail2ban on your Linux distro:

On Arch Linux and its derivatives:


To install Fail2ban on Ubuntu and Debian:

Installing Fail2ban on Fedora and RHEL is easy:


Next, you’ll need to enable the Fail2ban service. This way the process will run in the background whenever your system boots.

To finalize the installation, start the Fail2ban service using the following command:

You can verify that the Fail2ban service is up and running with:

If everything is okay, the service should be up and active. If there are any error messages, you can look at the Fail2ban log messages using the journalctl utility:

Configuring Fail2ban on Linux

Finally, you can start configuring Fail2ban to protect your system from brute-force attacks and other suspicious activities.

The /etc/fail2ban/jail.conf file stores the main Fail2ban configurations. As a best practice, avoid making changes to this particular file. Only use it as a reference.

Whenever you update Fail2ban, the jail.conf configuration file will be overwritten. To avoid losing your configuration, make a copy named jail.local within the same folder. Use the powerful cp command for this:

Next, open the jail.local file using your favorite text editor and adjust the following configurations:

The configuration file is well documented, so read through it to learn more about Fail2ban and the options that it presents.

Finally, restart the fail2ban service for the changes to take effect. Use the command:

Testing the Fail2ban Configuration

With the configuration set up, you can test if the maxretry configuration is working. Try to SSH login to the PC or server you have configured.

When requested for login credentials, supply the wrong password, twice. Fail2ban will kick into action and block you for five minutes, as configured.

This is just a simple use case; now proceed to configure your server to your liking, and feel free to experiment.

Add an Extra Layer of Security to Your Linux Server or PC

Fail2ban is a powerful and very configurable security tool. Use it to proactively protect your servers or PCs from brute-force attacks.

In addition to having Fail2ban, use strong passwords and configure your firewall for better security. You can also protect your home or office network by using a reputable firewall system.

For those who are serious about their network security, knowing which Linux firewall apps and solutions are available for free is crucial.
