
Enhanced Security with 24 Fail2Ban Configurations
Fail2Ban is an excellent tool to enhance the security of your Linux systems by blocking brute-force login attempts and other malicious activities. In this article, we will explore 24 detailed configurations for Fail2Ban to further strengthen the security of your servers.
Introduction to Fail2Ban
Before diving into the configurations, let’s have a brief introduction to Fail2Ban. Fail2Ban is an open-source program that monitors log files and takes action when it detects malicious activity such as repeated failed logins within a short period. It blocks the IP addresses behind brute-force attempts using firewall rules or other means, for a configurable ban time.
Configurations for Enhanced Security
Here are the 24 detailed configurations for Fail2Ban. Each one is a jail stanza that belongs in /etc/fail2ban/jail.local (or a file under /etc/fail2ban/jail.d/), not in jail.conf, which package upgrades overwrite; the jail name in square brackets must be unique, and the filter it names must exist in /etc/fail2ban/filter.d/.
1. MySQL Brute Force
```ini
[mysqld-auth]
enabled   = true
port      = 3306
filter    = mysqld-auth
logpath   = /var/log/mysql/error.log
maxretry  = 5
bantime   = 60m
banaction = iptables-allports
```
This jail uses the stock mysqld-auth filter to watch the MySQL error log for failed logins and blocks the offending IP address for 1 hour.
2. SSH Brute Force
```ini
[sshd]
enabled   = true
port      = ssh
filter    = sshd
# RHEL-family path; Debian and Ubuntu write sshd messages to /var/log/auth.log
logpath   = /var/log/secure
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail uses the stock sshd filter to watch the SSH authentication log for failed logins and blocks the offending IP address for 30 minutes.
3. Apache Brute Force
```ini
[apache-bruteforce]
enabled   = true
port      = http,https
# Custom filter: fail2ban ships no filter for login failures in the access log
# (the stock apache-auth filter reads the Apache error log instead), so
# /etc/fail2ban/filter.d/apache-bruteforce.conf must be written for your app
filter    = apache-bruteforce
logpath   = /var/log/apache2/access.log
maxretry  = 5
bantime   = 1h
banaction = iptables-multiport
```
This jail watches the Apache access log for repeated failed logins against your web application and blocks the offending IP address for 1 hour.
4. PostgreSQL Brute Force
```ini
[postgresql]
enabled   = true
port      = 5432
# Custom filter: fail2ban ships no PostgreSQL filter, so
# /etc/fail2ban/filter.d/postgresql.conf must match the server's
# "password authentication failed" lines; logpath must be the actual server log
filter    = postgresql
logpath   = /var/log/postgresql/access.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the PostgreSQL log for failed logins and blocks the offending IP address for 30 minutes.
5. FTP Brute Force
```ini
[vsftpd]
enabled   = true
port      = ftp,ftp-data,ftps,ftps-data
# Stock filter for vsftpd; use proftpd or pure-ftpd for those daemons,
# and point logpath at the file your FTP daemon actually writes
filter    = vsftpd
logpath   = /var/log/ftp.log
maxretry  = 3
bantime   = 15m
banaction = iptables-allports
```
This jail watches the FTP log for failed logins and blocks the offending IP address for 15 minutes after 3 failures.
6. Mail Brute Force
```ini
[postfix-sasl]
enabled   = true
port      = smtp,465,submission
# postfix in auth mode matches SASL authentication failures;
# for IMAP/POP logins handled by Dovecot use filter = dovecot
filter    = postfix[mode=auth]
logpath   = /var/log/mail.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the mail log for failed SMTP authentication and blocks the offending IP address for 30 minutes.
7. HTTP Brute Force
```ini
[http-bruteforce]
enabled   = true
port      = http,https
# Custom filter: fail2ban ships no filter for login failures in the access log,
# so /etc/fail2ban/filter.d/http-bruteforce.conf must be written for your app
filter    = http-bruteforce
logpath   = /var/log/httpd/access.log
maxretry  = 5
bantime   = 1h
banaction = iptables-allports
```
This jail watches the httpd access log for repeated failed logins against your web application and blocks the offending IP address for 1 hour.
8. Squid Brute Force
```ini
[squid]
enabled   = true
port      = 80,443,3128
filter    = squid
logpath   = /var/log/squid/access.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail uses the stock squid filter to watch the Squid access log for denied requests and blocks the offending IP address for 30 minutes.
9. NTP Brute Force
```ini
[ntpd]
enabled   = true
port      = ntp
# NTP runs over UDP; the iptables actions default to tcp
protocol  = udp
# Custom filter: fail2ban ships no NTP filter, so
# /etc/fail2ban/filter.d/ntpd.conf must match your ntpd's log lines
filter    = ntpd
logpath   = /var/log/ntp.log
maxretry  = 3
bantime   = 15m
banaction = iptables-allports
```
This jail watches the NTP log for abusive clients and blocks the offending IP address for 15 minutes after 3 matches.
10. SNMP Brute Force
```ini
[snmpd]
enabled   = true
port      = snmp
# SNMP runs over UDP; the iptables actions default to tcp
protocol  = udp
# Custom filter: fail2ban ships no SNMP filter, so
# /etc/fail2ban/filter.d/snmpd.conf must match your snmpd's log lines
filter    = snmpd
logpath   = /var/log/snmp.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the SNMP log for repeated bad community strings and blocks the offending IP address for 30 minutes.
11. DNS Brute Force
```ini
[named-refused]
enabled   = true
port      = domain
# DNS is mostly UDP; the iptables actions default to tcp
protocol  = udp
# Stock filter for BIND's refused queries; logpath must be BIND's query/security log
filter    = named-refused
logpath   = /var/log/dns.log
maxretry  = 3
bantime   = 15m
banaction = iptables-allports
```
This jail uses the stock named-refused filter to watch the DNS log for refused queries and blocks the offending IP address for 15 minutes after 3 matches.
12. OpenSSH Brute Force
```ini
[openssh]
enabled   = true
port      = ssh
# Same stock filter as the sshd jail; keep the jail name distinct so both can load
filter    = sshd
logpath   = /var/log/secure
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the OpenSSH authentication log for failed logins and blocks the offending IP address for 30 minutes.
13. SSH Key Brute Force
```ini
[sshd-keys]
enabled   = true
port      = ssh
# The stock sshd filter already matches failed public-key attempts
filter    = sshd
logpath   = /var/log/secure
maxretry  = 5
bantime   = 1h
banaction = iptables-allports
```
This jail watches the SSH authentication log for failed public-key attempts and blocks the offending IP address for 1 hour.
14. MySQL Root Brute Force
```ini
[mysqld-root]
enabled   = true
port      = 3306
# The stock filter counts failed logins for any user; restricting it to root
# requires a custom filter in /etc/fail2ban/filter.d/
filter    = mysqld-auth
logpath   = /var/log/mysql/error.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the MySQL error log for failed root logins and blocks the offending IP address for 30 minutes.
15. PostgreSQL Root Brute Force
```ini
[postgresql-root]
enabled   = true
port      = 5432
# Custom filter: fail2ban ships no PostgreSQL filter, so
# /etc/fail2ban/filter.d/postgresql-root.conf must match failed logins for the
# superuser; logpath must be the actual server log
filter    = postgresql-root
logpath   = /var/log/postgresql/access.log
maxretry  = 5
bantime   = 1h
banaction = iptables-allports
```
This jail watches the PostgreSQL log for failed superuser logins and blocks the offending IP address for 1 hour.
16. FTP Anonymous Brute Force
```ini
[vsftpd-anonymous]
enabled   = true
port      = ftp,ftp-data,ftps,ftps-data
# The stock vsftpd filter counts all failed logins; matching only the
# anonymous account requires a custom filter in /etc/fail2ban/filter.d/
filter    = vsftpd
logpath   = /var/log/ftp.log
maxretry  = 3
bantime   = 15m
banaction = iptables-allports
```
This jail watches the FTP log for failed anonymous logins and blocks the offending IP address for 15 minutes after 3 failures.
17. Mail Relay Brute Force
```ini
[postfix-relay]
enabled   = true
port      = smtp,465,submission
# The stock postfix filter in its default mode matches "Relay access denied"
filter    = postfix
logpath   = /var/log/mail.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the mail log for rejected relay attempts and blocks the offending IP address for 30 minutes.
18. HTTP Proxy Brute Force
```ini
[http-proxy-auth]
enabled   = true
port      = http,https
# Custom filter: fail2ban ships no filter for proxy-auth failures in the
# access log, so /etc/fail2ban/filter.d/http-proxy-auth.conf must be written
filter    = http-proxy-auth
logpath   = /var/log/httpd/access.log
maxretry  = 5
bantime   = 1h
banaction = iptables-allports
```
This jail watches the HTTP proxy access log for failed proxy authentication and blocks the offending IP address for 1 hour.
19. Squid Proxy Brute Force
```ini
[squid-proxy]
enabled   = true
port      = 80,443,3128
filter    = squid
logpath   = /var/log/squid/access.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail uses the stock squid filter to watch the Squid proxy access log for denied requests and blocks the offending IP address for 30 minutes.
20. NTP Server Brute Force
```ini
[ntpd-server]
enabled   = true
port      = ntp
# NTP runs over UDP; the iptables actions default to tcp
protocol  = udp
# Custom filter: fail2ban ships no NTP filter, so
# /etc/fail2ban/filter.d/ntpd-server.conf must match your ntpd's log lines
filter    = ntpd-server
logpath   = /var/log/ntp.log
maxretry  = 3
bantime   = 15m
banaction = iptables-allports
```
This jail watches the NTP server log for abusive clients and blocks the offending IP address for 15 minutes after 3 matches.
21. SNMP Server Brute Force
```ini
[snmpd-server]
enabled   = true
port      = snmp
# SNMP runs over UDP; the iptables actions default to tcp
protocol  = udp
# Custom filter: fail2ban ships no SNMP filter, so
# /etc/fail2ban/filter.d/snmpd-server.conf must match your snmpd's log lines
filter    = snmpd-server
logpath   = /var/log/snmp.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the SNMP server log for repeated bad community strings and blocks the offending IP address for 30 minutes.
22. DNS Server Brute Force
```ini
[named-server]
enabled   = true
port      = domain
# DNS is mostly UDP; the iptables actions default to tcp
protocol  = udp
# Stock filter for BIND's refused queries; logpath must be BIND's query/security log
filter    = named-refused
logpath   = /var/log/dns.log
maxretry  = 3
bantime   = 15m
banaction = iptables-allports
```
This jail uses the stock named-refused filter to watch the DNS server log for refused queries and blocks the offending IP address for 15 minutes after 3 matches.
23. SSH Server Brute Force
```ini
[sshd-server]
enabled   = true
port      = ssh
filter    = sshd
logpath   = /var/log/secure
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail uses the stock sshd filter to watch the SSH server log for failed logins and blocks the offending IP address for 30 minutes.
24. MySQL Server Brute Force
```ini
[mysqld-server]
enabled   = true
port      = 3306
filter    = mysqld-auth
logpath   = /var/log/mysql/error.log
maxretry  = 5
bantime   = 1h
banaction = iptables-allports
```
This jail uses the stock mysqld-auth filter to watch the MySQL server error log for failed logins and blocks the offending IP address for 1 hour.
25. PostgreSQL Server Brute Force
```ini
[postgresql-server]
enabled   = true
port      = 5432
# Custom filter: fail2ban ships no PostgreSQL filter, so
# /etc/fail2ban/filter.d/postgresql-server.conf must match the server's
# "password authentication failed" lines; logpath must be the actual server log
filter    = postgresql-server
logpath   = /var/log/postgresql/access.log
maxretry  = 5
bantime   = 30m
banaction = iptables-allports
```
This jail watches the PostgreSQL server log for failed logins and blocks the offending IP address for 30 minutes.
Please note that these configurations are examples and may need to be adjusted for your specific use case: log paths differ between distributions and daemons, and several of the jails above rely on a custom filter that fail2ban does not ship. It is always a good idea to test and validate any new security measure before putting it into production; fail2ban-regex <logfile> <filter> shows which log lines a filter matches, and fail2ban-client status <jail> shows what a running jail has banned.
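To see what a jail stanza will actually do before enabling it, the following added example (not code from the article or from the Fail2Ban project) re-implements the counting rule the jails above depend on: a jail bans a host once it has produced maxretry matches within a sliding findtime window, for bantime. It parses a jail.local-style stanza with Python's configparser, converts the time abbreviations fail2ban accepts, and applies a simplified stand-in for the stock sshd failregex to a constructed sample of /var/log/secure lines. The stanza, the log lines, the IP addresses and the year used for the timestamps are all constructed; fail2ban itself is not required.

```python
"""Dry-run a fail2ban jail stanza against sample log lines (added example)."""
import configparser
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed jail.local stanza; findtime is the window fail2ban counts in.
JAIL_LOCAL = """\
[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/secure
maxretry = 3
findtime = 10m
bantime  = 30m
"""

# Simplified stand-in for the stock sshd filter's failregex: it anchors on the
# daemon tag and captures the client address (fail2ban writes <HOST> there).
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed (?:password|publickey) for (?:invalid user )?\S+ "
    r"from (?P<host>\S+)"
)

# Constructed /var/log/secure sample (syslog timestamps, no year in the line).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 51122 ssh2
Mar  3 10:00:05 host sshd[1202]: Failed password for invalid user admin from 192.0.2.10 port 51130 ssh2
Mar  3 10:00:09 host sshd[1203]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 10:00:12 host sshd[1204]: Failed password for root from 192.0.2.10 port 51140 ssh2
Mar  3 10:00:20 host sshd[1205]: Failed publickey for deploy from 203.0.113.5 port 33000 ssh2
Mar  3 10:30:00 host sshd[1301]: Failed password for root from 203.0.113.5 port 33010 ssh2
Mar  3 10:30:03 host sshd[1302]: Failed password for root from 203.0.113.5 port 33012 ssh2
"""

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value: str) -> int:
    """Convert a fail2ban time value ('600', '10m', '1h', '1d 12h') to seconds."""
    parts = re.findall(r"(\d+)\s*([smhdw]?)", value.strip())
    if not parts:
        raise ValueError(f"unparseable time value: {value!r}")
    return sum(int(num) * _UNITS[unit] for num, unit in parts)


def load_jail(text: str, name: str) -> dict:
    """Read one jail stanza and check the keys every jail above needs."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp[name]
    missing = [k for k in ("enabled", "filter", "logpath", "maxretry", "bantime")
               if k not in sec]
    if missing:
        raise ValueError(f"jail {name}: missing keys {missing}")
    return {
        "maxretry": sec.getint("maxretry"),
        "findtime": parse_time(sec.get("findtime", "10m")),  # fail2ban's default
        "bantime": parse_time(sec["bantime"]),
    }


def parse_syslog_time(line: str, year: int) -> datetime:
    """Syslog lines carry no year, so the caller supplies one (assumption)."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")


def simulate(jail: dict, log: str, year: int = 2024) -> dict:
    """Return {ip: ban_expiry} for hosts that reach maxretry failures within
    findtime, mirroring fail2ban's sliding-window count."""
    findtime = timedelta(seconds=jail["findtime"])
    bantime = timedelta(seconds=jail["bantime"])
    failures = defaultdict(list)
    bans = {}
    for line in log.splitlines():
        m = FAILREGEX.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ip, ts = m.group("host"), parse_syslog_time(line, year)
        if ip in bans:
            continue  # already banned for this run
        # keep only failures still inside the window, then add this one
        window = [t for t in failures[ip] if ts - t <= findtime] + [ts]
        failures[ip] = window
        if len(window) >= jail["maxretry"]:
            bans[ip] = ts + bantime
    return bans


if __name__ == "__main__":
    for ip, until in simulate(load_jail(JAIL_LOCAL, "sshd"), SAMPLE_LOG).items():
        print(f"ban {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

Running it bans only 192.0.2.10: it fails three times inside ten minutes. 203.0.113.5 also fails three times, but its first failure falls outside the findtime window of the later two, so it is never banned; the accepted public-key login from 198.51.100.7 is not a failure line and is ignored. This is the point a practitioner should check when choosing maxretry and findtime: a slow attacker who spaces attempts wider than findtime is never counted, and a legitimate user with a mistyped password three times in a row is.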