Enhancing Security with 20 Fail2Ban Configurations

Fail2Ban is a widely used security tool that monitors log files and bans IP addresses that exhibit malicious behavior, such as repeated login attempts or other suspicious activity. In this article, we will explore 20 fail2ban configurations to enhance the security of your Linux system.

What is Fail2Ban?

Fail2Ban is an open-source software that scans log files for specific patterns, usually indicative of malicious activity, and bans the corresponding IP address. This prevents brute-force attacks on services such as SSH, FTP, and MySQL, among others.

20 Fail2Ban Configurations for Enhanced Security

1. SSH Brute-Force Protection

Protect your SSH service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [ssh-iptables] filter = sshd action = iptables[name=SSH, protocol=tcp] logpath = /var/log/secure bantime = 3600 maxretry = 3

2. Apache Brute-Force Protection

Protect your Apache web server from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [apache-iptables] filter = apache-auth action = iptables[name=Apache, protocol=tcp] logpath = /var/log/httpd/access.log bantime = 3600 maxretry = 3

3. FTP Brute-Force Protection

Protect your FTP service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [ftp-iptables] filter = ftp action = iptables[name=FTP, protocol=tcp] logpath = /var/log/secure bantime = 3600 maxretry = 3

4. MySQL Brute-Force Protection

Protect your MySQL service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [mysql-iptables] filter = mysql action = iptables[name=MySQL, protocol=tcp] logpath = /var/log/mysql/error.log bantime = 3600 maxretry = 3

5. SMTP Brute-Force Protection

Protect your SMTP service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [smtp-iptables] filter = smtp action = iptables[name=SMTP, protocol=tcp] logpath = /var/log/mail.log bantime = 3600 maxretry = 3

6. PostgreSQL Brute-Force Protection

Protect your PostgreSQL service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [postgresql-iptables] filter = postgresql action = iptables[name=PostgreSQL, protocol=tcp] logpath = /var/log/postgresql/error.log bantime = 3600 maxretry = 3

7. RDP Brute-Force Protection

Protect your RDP service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [rdp-iptables] filter = rdp action = iptables[name=RDP, protocol=tcp] logpath = /var/log/secure bantime = 3600 maxretry = 3

8. SMB Brute-Force Protection

Protect your SMB service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [smb-iptables] filter = smb action = iptables[name=SMB, protocol=tcp] logpath = /var/log/samba.log bantime = 3600 maxretry = 3

9. DNS Brute-Force Protection

Protect your DNS service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [dns-iptables] filter = dns action = iptables[name=DNS, protocol=tcp] logpath = /var/log/dnsmasq.log bantime = 3600 maxretry = 3

10. SSH Key Bruteforce Protection

Protect your SSH service from key bruteforce attacks by configuring fail2ban to monitor login attempts.
markdown [ssh-key-iptables] filter = sshd action = iptables[name=SSH-Key, protocol=tcp] logpath = /var/log/secure bantime = 3600 maxretry = 3

11. Apache mod_userdir Brute-Force Protection

Protect your Apache service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [apache-userdir-iptables] filter = apache-mod_userdir action = iptables[name=Apache-Userdir, protocol=tcp] logpath = /var/log/httpd/access.log bantime = 3600 maxretry = 3

12. PHP-FPM Brute-Force Protection

Protect your PHP-FPM service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [php-fpm-iptables] filter = php-fpm action = iptables[name=PHP-FPM, protocol=tcp] logpath = /var/log/php-fpm.log bantime = 3600 maxretry = 3

13. MySQLi Brute-Force Protection

Protect your MySQLi service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [mysqli-iptables] filter = mysqli action = iptables[name=MySQLi, protocol=tcp] logpath = /var/log/mysql/error.log bantime = 3600 maxretry = 3

14. Perl Brute-Force Protection

Protect your Perl service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [perl-iptables] filter = perl action = iptables[name=Perl, protocol=tcp] logpath = /var/log/perl.log bantime = 3600 maxretry = 3

15. Python Brute-Force Protection

Protect your Python service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [python-iptables] filter = python action = iptables[name=Python, protocol=tcp] logpath = /var/log/python.log bantime = 3600 maxretry = 3

16. Ruby Brute-Force Protection

Protect your Ruby service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [ruby-iptables] filter = ruby action = iptables[name=Ruby, protocol=tcp] logpath = /var/log/ruby.log bantime = 3600 maxretry = 3

17. Tomcat Brute-Force Protection

Protect your Tomcat service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [tomcat-iptables] filter = tomcat action = iptables[name=Tomcat, protocol=tcp] logpath = /var/log/tomcat.log bantime = 3600 maxretry = 3

18. IIS Brute-Force Protection

Protect your IIS service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [iis-iptables] filter = iis action = iptables[name=IIS, protocol=tcp] logpath = /var/log/iis.log bantime = 3600 maxretry = 3

19. WebLogic Brute-Force Protection

Protect your WebLogic service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [weblogic-iptables] filter = weblogic action = iptables[name=WebLogic, protocol=tcp] logpath = /var/log/weblogic.log bantime = 3600 maxretry = 3

20. GlassFish Brute-Force Protection

Protect your GlassFish service from brute-force attacks by configuring fail2ban to monitor login attempts.
markdown [glassfish-iptables] filter = glassfish action = iptables[name=GlassFish, protocol=tcp] logpath = /var/log/glassfish.log bantime = 3600 maxretry = 3
Conclusion

In this article, we have explored 20 fail2ban configurations to enhance the security of your Linux system. By configuring fail2ban to monitor login attempts and ban IP addresses that exhibit malicious behavior, you can protect your services from brute-force attacks and improve overall security. Remember to customize these configurations according to your specific needs and keep your software up-to-date to ensure maximum protection.

Paul

Administrator

Visit Website View All Posts

Post Views: 125

Related Stories

10 Essential Engineering Skills for 2025

11 Cybersecurity Best Practices for 2025

17 GitHub Actions Workflows for Development Teams

You may have missed