
# Enhancing Security with 12 Fail2Ban Configurations
Fail2Ban is a powerful security tool that can automatically block IP addresses attempting to brute-force login or access your system. In this article, we’ll explore 12 Fail2Ban configurations for enhanced security.
## Configuration 1: SSH Brute-Force Protection
To protect against SSH brute-force attacks, add the following configuration:
```ini
[ssh-iptables]
enabled = true
# filter.d/sshd-ddos.conf must exist for the jail to start
filter = sshd-ddos
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
```
This jail tells Fail2Ban to ban an IP address that makes more than 3 SSH login attempts within a short time frame.
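The "within a short time frame" part is what Fail2Ban's `findtime` option controls, and `maxretry` is the number of matching log lines from one address that must fall inside that window before a ban fires. The following added example (not code from the article or from the Fail2Ban project) replays a constructed sshd log excerpt through a simplified jail so you can see how `maxretry`, `findtime` and `bantime` interact; the log lines, addresses and the single `failregex` pattern are all assumptions made for the example, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log excerpt in the syslog format written to /var/log/secure.
# Hosts, PIDs and times are made up for this example.
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  1 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar  1 10:00:04 host sshd[1003]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:06 host sshd[1004]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar  1 10:00:09 host sshd[1005]: Failed password for root from 203.0.113.5 port 51025 ssh2
Mar  1 10:20:00 host sshd[1006]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar  1 10:40:00 host sshd[1007]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar  1 11:00:00 host sshd[1008]: Failed password for root from 198.51.100.7 port 40003 ssh2
Mar  1 11:20:00 host sshd[1009]: Failed password for root from 198.51.100.7 port 40004 ssh2
"""

# A simplified failregex (assumption for this example): one pattern for sshd
# password failures, capturing the client address the way filters capture <HOST>.
FAILREGEX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+ ssh2$"
)


def parse_syslog_time(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year, so one is supplied (assumed here)."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def run_jail(log_text: str, maxretry: int = 3, findtime: int = 600, bantime: int = 3600):
    """Replay a log through a jail and return [(ip, ban_time_iso), ...] in ban order.

    A ban fires when `maxretry` matching failures from one IP fall within a
    sliding window of `findtime` seconds; the IP then stays banned for `bantime`.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside findtime
    banned_until = {}             # ip -> datetime at which the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue                          # successful logins and noise never count
        t, ip = parse_syslog_time(m["ts"]), m["host"]
        if ip in banned_until and t < banned_until[ip]:
            continue                          # the firewall is already dropping this IP
        window = recent[ip]
        window.append(t)
        while (t - window[0]).total_seconds() > findtime:
            window.popleft()                  # expire failures older than findtime
        if len(window) >= maxretry:
            bans.append((ip, t.isoformat()))
            banned_until[ip] = t + timedelta(seconds=bantime)
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, when in run_jail(SAMPLE_LOG, maxretry=3, findtime=600):
        print(f"ban {ip} at {when}")
```

With `findtime=600` only the first address is banned: its three failures land within five seconds. The second address fails once every twenty minutes, so no three failures ever share a ten-minute window; raising `findtime` to 3600 catches that slow pattern as well. This is why the closing advice about tuning `maxretry` should be read together with the window it applies to.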
## Configuration 2: HTTP Brute-Force Protection
To protect against HTTP brute-force attacks, add the following configuration:
```ini
[http-iptables]
enabled = true
# requires filter.d/apache-ddos.conf; the jail will not start without it
filter = apache-ddos
action = iptables[name=HTTP, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
maxretry = 5
```
This jail tells Fail2Ban to ban an IP address that makes more than 5 HTTP login attempts within a short time frame.
## Configuration 3: MySQL Brute-Force Protection
To protect against MySQL brute-force attacks, add the following configuration:
```ini
[mysql-iptables]
enabled = true
# requires filter.d/mysqld-ddos.conf; the jail will not start without it
filter = mysqld-ddos
action = iptables[name=MySQL, port=mysql, protocol=tcp]
logpath = /var/log/mysql/error.log
maxretry = 2
```
This jail tells Fail2Ban to ban an IP address that makes more than 2 MySQL login attempts within a short time frame.
## Configuration 4: Apache Brute-Force Protection
To protect against Apache brute-force attacks, add the following configuration:
```ini
[apache-iptables]
enabled = true
# requires filter.d/apache-ddos.conf; the jail will not start without it
filter = apache-ddos
action = iptables[name=Apache, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
maxretry = 5
```
This jail tells Fail2Ban to ban an IP address that makes more than 5 Apache login attempts within a short time frame.
## Configuration 5: Postfix Brute-Force Protection
To protect against Postfix brute-force attacks, add the following configuration:
```ini
[postfix-iptables]
enabled = true
# requires filter.d/postfix-ddos.conf; the jail will not start without it
filter = postfix-ddos
# every action parameter must be key=value ("portsmtp" would be rejected)
action = iptables[name=Postfix, port=smtp, protocol=tcp]
logpath = /var/log/mail.log
maxretry = 3
```
This jail tells Fail2Ban to ban an IP address that makes more than 3 Postfix login attempts within a short time frame.
## Configuration 6: RDP Brute-Force Protection
To protect against RDP brute-force attacks, add the following configuration:
```ini
[rdp-iptables]
enabled = true
# requires filter.d/rdp-ddos.conf; the jail will not start without it
filter = rdp-ddos
action = iptables[name=RDP, port=rdp, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
```
This jail tells Fail2Ban to ban an IP address that makes more than 5 RDP login attempts within a short time frame.
## Configuration 7: FTP Brute-Force Protection
To protect against FTP brute-force attacks, add the following configuration:
```ini
[ftp-iptables]
enabled = true
# requires filter.d/ftp-ddos.conf; the jail will not start without it
filter = ftp-ddos
action = iptables[name=FTP, port=ftp, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
```
This jail tells Fail2Ban to ban an IP address that makes more than 5 FTP login attempts within a short time frame.
## Configuration 8: SMTP Brute-Force Protection
To protect against SMTP brute-force attacks, add the following configuration:
```ini
[smtp-iptables]
enabled = true
# requires filter.d/smtp-ddos.conf; the jail will not start without it
filter = smtp-ddos
# every action parameter must be key=value ("portsmtp" would be rejected)
action = iptables[name=SMTP, port=smtp, protocol=tcp]
logpath = /var/log/mail.log
maxretry = 3
```
This jail tells Fail2Ban to ban an IP address that makes more than 3 SMTP login attempts within a short time frame.
## Configuration 9: SSH with Failed Login Attempts
To protect against failed SSH login attempts, add the following configuration:
```ini
[ssh-failed-iptables]
enabled = true
# filter.d/sshd-ddos.conf must exist for the jail to start
filter = sshd-ddos
action = iptables[name=SSH-Failed, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 5
```
This jail tells Fail2Ban to ban an IP address that makes more than 5 failed SSH login attempts within a short time frame.
## Configuration 10: HTTP with Failed Login Attempts
To protect against failed HTTP login attempts, add the following configuration:
```ini
[http-failed-iptables]
enabled = true
# requires filter.d/apache-ddos.conf; the jail will not start without it
filter = apache-ddos
action = iptables[name=HTTP-Failed, port=http, protocol=tcp]
logpath = /var/log/apache2/access.log
maxretry = 5
```
This jail tells Fail2Ban to ban an IP address that makes more than 5 failed HTTP login attempts within a short time frame.
## Configuration 11: MySQL with Failed Login Attempts
To protect against failed MySQL login attempts, add the following configuration:
```ini
[mysql-failed-iptables]
enabled = true
# requires filter.d/mysqld-ddos.conf; the jail will not start without it
filter = mysqld-ddos
action = iptables[name=MySQL-Failed, port=mysql, protocol=tcp]
logpath = /var/log/mysql/error.log
maxretry = 3
```
This jail tells Fail2Ban to ban an IP address that makes more than 3 failed MySQL login attempts within a short time frame.
## Configuration 12: SSH with Successful Login Attempts
To protect against successful SSH login attempts, add the following configuration:
```ini
[ssh-success-iptables]
enabled = true
# filter.d/sshd-ddos.conf must exist for the jail to start
filter = sshd-ddos
action = iptables[name=SSH-Success, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
```
This jail tells Fail2Ban to ban an IP address that makes more than 3 successful SSH login attempts within a short time frame.
By implementing these 12 configurations, you will significantly enhance the security of your system against various types of attacks. Remember to adjust the maxretry values according to your specific needs and logging settings.
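Before reloading Fail2Ban with a batch of new jails, it pays to check them for the mistakes that silently stop a jail from working: a jail left disabled, a `filter` name with no matching file in `filter.d`, a missing `logpath`, or an action parameter that is not `key=value`. The following added example (not code from the article or from the Fail2Ban project) runs such a check over a constructed `jail.local` body. The second jail in the sample deliberately carries a `portsmtp` parameter with no `=` and refers to a filter file that is not present; the throwaway `filter.d` directory holding only a placeholder `sshd-ddos.conf` is an assumption for the example, and on a real host you would point the check at `/etc/fail2ban/filter.d`.

```python
import configparser
import os
import re
import tempfile

# Constructed jail.local body. The first jail is well formed; the second has
# two defects this check is meant to catch: an action parameter written
# "portsmtp" (missing "=") and a filter name with no file in filter.d.
SAMPLE_JAILS = """\
[ssh-iptables]
enabled = true
filter = sshd-ddos
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3

[smtp-iptables]
filter = smtp-ddos
action = iptables[name=SMTP, portsmtp, protocol=tcp]
logpath = /var/log/mail.log
maxretry = 3
"""

# An action value looks like  name[key=value, key=value]  (one action per line).
ACTION_RE = re.compile(r"^(?P<name>[\w.-]+)(?:\[(?P<params>.*)\])?$")


def check_jails(jail_text: str, filter_dir: str) -> dict:
    """Return {jail_name: [problem, ...]}; an empty list means the jail passed."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_text)
    report = {}
    for jail in cp.sections():
        sec, problems = cp[jail], []
        # jails are off unless enabled here or in [DEFAULT]
        if sec.get("enabled", "false").strip().lower() != "true":
            problems.append("jail is not enabled (no 'enabled = true')")
        flt = sec.get("filter", jail)  # fail2ban falls back to the jail name
        if not os.path.isfile(os.path.join(filter_dir, flt + ".conf")):
            problems.append(f"filter '{flt}' has no {flt}.conf in filter.d")
        if "logpath" not in sec:
            problems.append("no logpath")
        for action in sec.get("action", "").splitlines():
            action = action.strip()
            if not action:
                continue
            m = ACTION_RE.match(action)
            if not m:
                problems.append(f"action '{action}' is not name[key=value, ...]")
                continue
            params = [p.strip() for p in (m["params"] or "").split(",") if p.strip()]
            for param in params:
                if "=" not in param:
                    problems.append(f"action parameter '{param}' is not key=value")
        report[jail] = problems
    return report


def demo() -> dict:
    """Run the check against SAMPLE_JAILS with a throwaway filter.d that only
    contains a placeholder sshd-ddos.conf (on a real host use /etc/fail2ban/filter.d)."""
    with tempfile.TemporaryDirectory() as filter_dir:
        with open(os.path.join(filter_dir, "sshd-ddos.conf"), "w") as fh:
            fh.write("[Definition]\nfailregex = placeholder\n")
        return check_jails(SAMPLE_JAILS, filter_dir)


if __name__ == "__main__":
    for jail, problems in demo().items():
        print(jail, "OK" if not problems else problems)
```

The check reports the first jail as clean and flags the second three times: not enabled, no `smtp-ddos.conf`, and the malformed `portsmtp` parameter. Running something like this, or `fail2ban-client -t`, before a reload is cheaper than discovering a jail never started after the next brute-force run.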