12 Fail2Ban Configurations for Enhanced Security

Paul October 9, 2025

Enhancing Security with 12 Fail2Ban Configurations

Fail2Ban is a powerful security tool that can automatically block IP addresses attempting to brute-force login or access your system. In this article, we’ll explore 12 Fail2Ban configurations for enhanced security.

Configuration 1: SSH Brute-Force Protection

To protect against SSH brute-force attacks, add the following configuration:
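```ini
[ssh-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/sshd-ddos.conf (or .local) to exist.
filter = sshd-ddos
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
```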

This configuration tells Fail2Ban to block IP addresses that attempt more than 3 SSH login attempts within a short time frame.
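
The "short time frame" in these jails is Fail2Ban's `findtime` setting. The Python sketch below is an added example, not code from the original article or from Fail2Ban: it replays constructed `/var/log/secure` lines through a simplified failregex and bans a host at `maxretry` failures inside a sliding `findtime` window. The regex, the sample lines, the ban-at-`maxretry` threshold and the `find_bans` name are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of /var/log/secure (not real log data).
SAMPLE_LOG = """\
Oct  9 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct  9 10:00:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct  9 10:00:09 host sshd[1003]: Accepted password for paul from 198.51.100.4 port 51000 ssh2
Oct  9 10:00:12 host sshd[1004]: Failed password for root from 203.0.113.7 port 40003 ssh2
Oct  9 10:01:00 host sshd[1005]: Failed password for paul from 198.51.100.9 port 52000 ssh2
Oct  9 10:30:00 host sshd[1006]: Failed password for paul from 198.51.100.9 port 52001 ssh2
Oct  9 11:00:00 host sshd[1007]: Failed password for paul from 198.51.100.9 port 52002 ssh2
"""

# Simplified failregex (assumption); Fail2Ban filters mark the address with <HOST>.
FAILREGEX = r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+"
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"  # IPv4 only, for brevity


def find_bans(log_text, maxretry=3, findtime=600, year=2025):
    """Return {ip: ban_time} for hosts with maxretry failures within findtime seconds."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue  # successful logins and unrelated lines never count
        ip = match.group("host")
        if ip in bans:
            continue  # already banned, nothing more to track
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        seen = failures[ip]
        seen.append(when)
        # Drop failures that have aged out of the findtime window.
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= maxretry:
            bans[ip] = when
    return bans
```

With the defaults only 203.0.113.7 is banned; 198.51.100.9 fails three times too, but 30 minutes apart, so it is only caught when `findtime` is widened.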

Configuration 2: HTTP Brute-Force Protection

To protect against HTTP brute-force attacks, add the following configuration:
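```ini
[http-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/apache-ddos.conf (or .local) to exist.
filter = apache-ddos
action = iptables[name=HTTP, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
maxretry = 5
```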

This configuration tells Fail2Ban to block IP addresses that attempt more than 5 HTTP login attempts within a short time frame.

Configuration 3: MySQL Brute-Force Protection

To protect against MySQL brute-force attacks, add the following configuration:
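```ini
[mysql-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/mysqld-ddos.conf (or .local) to exist.
filter = mysqld-ddos
action = iptables[name=MySQL, port=mysql, protocol=tcp]
logpath = /var/log/mysql/error.log
maxretry = 2
```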

This configuration tells Fail2Ban to block IP addresses that attempt more than 2 MySQL login attempts within a short time frame.

Configuration 4: Apache Brute-Force Protection

To protect against Apache brute-force attacks, add the following configuration:
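```ini
[apache-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/apache-ddos.conf (or .local) to exist.
filter = apache-ddos
action = iptables[name=Apache, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
maxretry = 5
```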

This configuration tells Fail2Ban to block IP addresses that attempt more than 5 Apache login attempts within a short time frame.

Configuration 5: Postfix Brute-Force Protection

To protect against Postfix brute-force attacks, add the following configuration:
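```ini
[postfix-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/postfix-ddos.conf (or .local) to exist.
filter = postfix-ddos
action = iptables[name=Postfix, port=smtp, protocol=tcp]
logpath = /var/log/mail.log
maxretry = 3
```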

This configuration tells Fail2Ban to block IP addresses that attempt more than 3 Postfix login attempts within a short time frame.

Configuration 6: RDP Brute-Force Protection

To protect against RDP brute-force attacks, add the following configuration:
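```ini
[rdp-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/rdp-ddos.conf (or .local) to exist.
filter = rdp-ddos
action = iptables[name=RDP, port=rdp, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
```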

This configuration tells Fail2Ban to block IP addresses that attempt more than 5 RDP login attempts within a short time frame.

Configuration 7: FTP Brute-Force Protection

To protect against FTP brute-force attacks, add the following configuration:
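```ini
[ftp-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/ftp-ddos.conf (or .local) to exist.
filter = ftp-ddos
action = iptables[name=FTP, port=ftp, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
```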

This configuration tells Fail2Ban to block IP addresses that attempt more than 5 FTP login attempts within a short time frame.

Configuration 8: SMTP Brute-Force Protection

To protect against SMTP brute-force attacks, add the following configuration:
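```ini
[smtp-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/smtp-ddos.conf (or .local) to exist.
filter = smtp-ddos
action = iptables[name=SMTP, port=smtp, protocol=tcp]
logpath = /var/log/mail.log
maxretry = 3
```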

This configuration tells Fail2Ban to block IP addresses that attempt more than 3 SMTP login attempts within a short time frame.

Configuration 9: SSH with Failed Login Attempts

To protect against failed SSH login attempts, add the following configuration:
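```ini
[ssh-failed-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/sshd-ddos.conf (or .local) to exist.
filter = sshd-ddos
action = iptables[name=SSH-Failed, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
```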

This configuration tells Fail2Ban to block IP addresses that attempt more than 5 failed SSH login attempts within a short time frame.

Configuration 10: HTTP with Failed Login Attempts

To protect against failed HTTP login attempts, add the following configuration:
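```ini
[http-failed-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/apache-ddos.conf (or .local) to exist.
filter = apache-ddos
action = iptables[name=HTTP-Failed, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
maxretry = 5
```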

This configuration tells Fail2Ban to block IP addresses that attempt more than 5 failed HTTP login attempts within a short time frame.

Configuration 11: MySQL with Failed Login Attempts

To protect against failed MySQL login attempts, add the following configuration:
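```ini
[mysql-failed-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/mysqld-ddos.conf (or .local) to exist.
filter = mysqld-ddos
action = iptables[name=MySQL-Failed, port=mysql, protocol=tcp]
logpath = /var/log/mysql/error.log
maxretry = 3
```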

This configuration tells Fail2Ban to block IP addresses that attempt more than 3 failed MySQL login attempts within a short time frame.

Configuration 12: SSH with Successful Login Attempts

To protect against successful SSH login attempts, add the following configuration:
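```ini
[ssh-success-iptables]
# Jails stay inactive unless explicitly enabled.
enabled = true
# Requires /etc/fail2ban/filter.d/sshd-ddos.conf (or .local) to exist.
filter = sshd-ddos
action = iptables[name=SSH-Success, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
```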

This configuration tells Fail2Ban to block IP addresses that attempt more than 3 successful SSH login attempts within a short time frame.

By implementing these 12 configurations, you’ll be able to significantly enhance the security of your system against various types of attacks. Remember to adjust the maxretry values according to your specific needs and logging settings.
