Fail2ban is a useful firewall and intrusion prevention framework that automatically detects and blocks brute force attacks on your servers. It analyzes server logs for such attacks and blocks the offending IP addresses using iptables. Here's how to install Fail2ban on Ubuntu and CentOS systems.
How to Install Fail2ban to Protect Apache Server
Here are the steps to install Fail2ban for Apache web server.
1. Install Fail2ban
Ubuntu/Debian
Open terminal and run the following commands to install Fail2ban in Ubuntu server.
$ sudo apt-get update
$ sudo apt-get install fail2ban -y
CentOS/Redhat/Fedora
Open terminal and run the following commands to install Fail2ban in CentOS server.
$ sudo yum install -y epel-release
$ sudo yum install -y fail2ban
2. Restart Fail2ban
Restart Fail2ban to apply changes.
$ sudo service fail2ban restart
3. Check Fail2ban status
Run the following command to check Fail2ban status
$ sudo service fail2ban status
active(running)
4. Configure Fail2ban
Next, we will create a configuration file to customize Fail2ban. Fail2ban looks for a file named jail.local and reads its contents for configuration. However, this file doesn't exist by default, so we will create it.
$ sudo vi /etc/fail2ban/jail.local
Paste the following lines into this file.
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
Save and close the file.
In the above configuration, we instruct Fail2ban to ignore the addresses 127.0.0.1/8 and ::1, that is, localhost. In the remaining lines we specify the retry limit and the time limits in seconds. For example, if there are 5 failed attempts (maxretry=5) within 600 seconds (findtime=600), then that IP address is banned for 3600 seconds (bantime=3600), that is, 1 hour. The [sshd] section enables the jail for SSH logins. You can change these settings as per your requirement.
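The counting rule described above, as an added example that is not part of the original article and is not Fail2ban's own code: a simplified Python model of how ignoreip, findtime, maxretry and bantime interact, run over constructed log lines. The log format, the regex, the host name and the sample IP addresses are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Values from the jail.local on this page.
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in "127.0.0.1/8 ::1".split()]
BANTIME, FINDTIME = timedelta(seconds=3600), timedelta(seconds=600)
MAXRETRY = 5

# Simplified failure pattern (assumption; not Fail2ban's shipped sshd filter).
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate(lines):
    """Return [(ip, ban_start, ban_end)] for log lines given oldest first."""
    recent, banned_until, bans = {}, {}, []
    for text in lines:
        m = FAILED.match(text)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1))
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if banned_until.get(ip, when) > when:
            continue  # ban still active; the firewall would drop this traffic
        # Keep only failures inside the findtime window, then add this one.
        hits = [t for t in recent.get(ip, []) if when - t < FINDTIME] + [when]
        if len(hits) >= MAXRETRY:
            banned_until[ip] = when + BANTIME
            bans.append((str(ip), when, when + BANTIME))
            hits = []  # counter starts over after a ban
        recent[ip] = hits
    return bans

def entry(hhmm, ip):
    # Constructed sample line in a simplified sshd-like format.
    return f"2024-01-01T{hhmm}:00 web1 sshd[4321]: Failed password for root from {ip} port 50000 ssh2"

SAMPLE = sorted(
    [entry(f"10:0{i}", "203.0.113.7") for i in range(5)]            # 5 failures in 4 minutes
    + [entry(f"10:{i * 4:02d}", "198.51.100.9") for i in range(5)]  # 5 failures in 16 minutes
    + [entry(f"10:0{i}", "127.0.0.1") for i in range(6)]            # address listed in ignoreip
    + [entry("10:30", "203.0.113.7"), entry("11:05", "203.0.113.7")]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start:%H:%M} to {end:%H:%M}")
```

Only the first address is banned: the second never has 5 failures inside any 600-second window, and the localhost failures are skipped because of ignoreip.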
Restart Fail2ban to apply changes.
$ sudo service fail2ban restart
Hopefully, this article will help you protect your Apache Server and SSH from brute force attacks.