Protect against brute-force attacks with fail2ban

Are you running a Server or thinking about setting one up for yourself? If so you will quickly discover the need for protection from brute force attacks. Having run a server in the past I was well aware this was a problem. What I found surprising was the frequency in which these attacks came. Don’t fret though, I present to you fail2ban, an open source program designed to mitigate the risks of brute-force attacks. 

For administrators running highly sensitive servers this would only be the first step, you should also include some form of multi-factor authentication. The most common method for this would be RSA SecurID. This of course not free and not open source but a good choice for large enterprises. For less sensitive servers like this one, fail2ban with a strong password should be sufficient. In my honest opinion if you have SSH open in your firewall, you should be using this software. 

Luckily this software is quite easy to configure, and does a great job at blocking brute-force attacks. Fail2ban can be configured to email your root account every time it blocks an IP address. Included in this email is a whois lookup and output from your /var/log/secure file. In order to retrieve these emails you need a console based mail client. I am using alpine but mutt is also a fine choice. Another nice thing about fail2ban is the ability to configure both the length of the ban, and the number of attempts needed before it is issued.

If you were not aware The Wasteland is running Fedora server edition. I am going to include a great guide on how to get this working with systemd and firewalld on Fedora. Being able to automate the blocking of these attacks, and knowing where they came from is quite the useful tool. I know I am considering just blocking all Chinese hosts after seeing the percentage of attacks originate from there. For bloggers like me that is an option, for large enterprises it may not. Anyway that is all I have for now, I will also include a video I found showing how to set up fail2ban on Fedora. If you are running another distribution guides are available. If you need help feel free to comment, I have been around Linux a long time and would be happy to assist.

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterShare on TumblrShare on LinkedInShare on Reddit

Published by

elementj

Thirty-something IT Professional

Leave a Reply

Your email address will not be published. Required fields are marked *