
Enhancing Security with 10+ Fail2Ban Configurations
Fail2Ban is an excellent tool for hardening servers, especially those exposed to the internet or to internal networks where unwanted access is a concern. Configured correctly, it blocks the source of brute-force attacks against services such as SSH, HTTP and databases. In this article, we walk through 10+ essential Fail2Ban configurations that significantly boost your server's security.
What is Fail2Ban?
Fail2Ban is a log-based intrusion prevention tool that monitors service logs (e.g., Apache, SSH) for malicious activity. Upon detection of suspicious behavior, it temporarily or permanently blocks the attacker’s IP address, protecting your server from unauthorized access and potential breaches.
Configurations for Enhanced Security
1. SSH Brute-Force Protection
Fail2Ban’s default configuration includes protection against SSH brute-force attacks. However, you can further customize this by specifying the maximum number of attempts allowed within a given time frame.
```ini
# /etc/fail2ban/jail.local
# Jail settings live in a [jail-name] section; [Definition] belongs to filter files.
[SSH-BruteForce]
enabled  = true
# stock filter shipped with Fail2Ban for OpenSSH authentication failures
filter   = sshd
logpath  = /var/log/secure
maxretry = 3
findtime = 30m
# Fail2Ban's default ban length; raise it to keep offenders out longer
bantime  = 10m
action   = iptables[name=SSH, port="ssh", protocol=tcp]
```
2. HTTP Brute-Force Protection
Configure Fail2Ban to block brute-force attacks on your HTTP service.
```ini
# /etc/fail2ban/jail.local
[HTTP-BruteForce]
enabled  = true
# %(__name__)s resolves to the jail name, so supply
# /etc/fail2ban/filter.d/HTTP-BruteForce.conf with a failregex that
# matches failed logins (for example 401 responses) in the access log
filter   = %(__name__)s
logpath  = /var/log/apache2/access.log
maxretry = 10
findtime = 5m
bantime  = 10m
action   = iptables[name=HTTP, port="http", protocol=tcp]
```
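The interplay of maxretry and findtime in the HTTP jail above is easy to misjudge, so here is a small replay of Fail2Ban's counting logic over constructed Apache access-log lines. This is an added example, not code from the article or from Fail2Ban: the failregex (401 responses), the `<HOST>` stand-in and the sample addresses are assumptions made for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Stand-in for Fail2Ban's <HOST> tag (the real one also covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex for the HTTP jail: any request answered with 401, Apache combined log format.
# Assumption for this example; a real filter file would carry the same pattern with <HOST>.
FAILREGEX = re.compile(r"^" + HOST + r' \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" 401 \d+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def find_bans(lines, maxretry, findtime):
    """Replay log lines and return {ip: time_banned} for every IP that reaches
    maxretry failures inside a sliding window of findtime seconds (Fail2Ban semantics)."""
    recent = defaultdict(deque)   # per-IP failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue               # not a failure line: successful requests never count
        ip, ts = m.group("host"), datetime.strptime(m.group("ts"), TIME_FMT)
        if ip in banned:
            continue
        hits = recent[ip]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()         # expire failures older than findtime
        if len(hits) >= maxretry:
            banned[ip] = ts
    return banned


def _line(ip, t, status):  # constructed Apache combined-format access log line
    return f'{ip} - - [{t.strftime(TIME_FMT)}] "POST /login HTTP/1.1" {status} 512'


T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOG = (  # constructed sample; documentation-range addresses
    [_line("203.0.113.7", T0 + timedelta(seconds=10 * i), 401) for i in range(10)]   # 10 failures in 90 s
    + [_line("198.51.100.9", T0 + timedelta(minutes=6 * i), 401) for i in range(10)]  # 10 failures, 6 min apart
    + [_line("192.0.2.5", T0 + timedelta(seconds=i), 200) for i in range(20)]         # logins that succeed
)

if __name__ == "__main__":
    # maxretry = 10, findtime = 5m as in the HTTP jail: only 203.0.113.7 is banned, because
    # 198.51.100.9 never has more than one failure inside any single 5-minute window.
    for ip, when in find_bans(SAMPLE_LOG, maxretry=10, findtime=300).items():
        print(f"ban {ip} at {when.isoformat()}")
```

Slow, spaced-out guessing slips under a short findtime, which is why the low-volume services below pair a small maxretry with a longer window.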
3. MySQL Brute-Force Protection
Protect your MySQL database from brute-force attacks.
```ini
# /etc/fail2ban/jail.local
[MySQL-BruteForce]
enabled  = true
# stock filter matching "Access denied" entries in the MySQL error log
filter   = mysqld-auth
logpath  = /var/log/mysql/error.log
maxretry = 5
findtime = 10m
bantime  = 10m
action   = iptables[name=MySQL, port="mysql", protocol=tcp]
```
4. Redis Brute-Force Protection
Configure Fail2Ban to block brute-force attacks on your Redis service.
```ini
# /etc/fail2ban/jail.local
[Redis-BruteForce]
enabled  = true
# no stock Redis filter ships with Fail2Ban: provide
# /etc/fail2ban/filter.d/Redis-BruteForce.conf matching failed AUTH attempts
filter   = %(__name__)s
logpath  = /var/log/redis.log
maxretry = 3
findtime = 1m
bantime  = 10m
# numeric port, since not every /etc/services has a name for Redis
action   = iptables[name=Redis, port="6379", protocol=tcp]
```
5. Email Brute-Force Protection
Protect your email server from brute-force attacks.
```ini
# /etc/fail2ban/jail.local
[Email-BruteForce]
enabled  = true
# provide /etc/fail2ban/filter.d/Email-BruteForce.conf for your MTA's SASL
# login failures, or use a stock filter such as postfix-sasl instead
filter   = %(__name__)s
logpath  = /var/log/mail.log
maxretry = 10
findtime = 30m
bantime  = 10m
action   = iptables[name=Email, port="smtp", protocol=tcp]
```
6. Nginx Brute-Force Protection
Configure Fail2Ban to block brute-force attacks on your Nginx service.
```ini
# /etc/fail2ban/jail.local
[Nginx-BruteForce]
enabled  = true
# provide /etc/fail2ban/filter.d/Nginx-BruteForce.conf for the access log;
# the stock nginx-http-auth filter reads the error log instead
filter   = %(__name__)s
logpath  = /var/log/nginx/access.log
maxretry = 5
findtime = 1m
bantime  = 10m
action   = iptables[name=Nginx, port="http", protocol=tcp]
```
7. PostgreSQL Brute-Force Protection
Protect your PostgreSQL database from brute-force attacks.
```ini
# /etc/fail2ban/jail.local
[PostgreSQL-BruteForce]
enabled  = true
# no stock PostgreSQL filter ships with Fail2Ban: provide
# /etc/fail2ban/filter.d/PostgreSQL-BruteForce.conf matching authentication failures
filter   = %(__name__)s
logpath  = /var/log/postgresql.log
maxretry = 5
findtime = 10m
bantime  = 10m
action   = iptables[name=PostgreSQL, port="postgresql", protocol=tcp]
```
8. Memcached Brute-Force Protection
Configure Fail2Ban to block brute-force attacks on your Memcached service.
```ini
# /etc/fail2ban/jail.local
[Memcached-BruteForce]
enabled  = true
# no stock Memcached filter ships with Fail2Ban: provide
# /etc/fail2ban/filter.d/Memcached-BruteForce.conf for your log format
filter   = %(__name__)s
logpath  = /var/log/memcached.log
maxretry = 3
findtime = 1m
bantime  = 10m
# numeric port, since not every /etc/services has a name for Memcached
action   = iptables[name=Memcached, port="11211", protocol=tcp]
```
9. IMAP Brute-Force Protection
Protect your IMAP server from brute-force attacks.
```ini
# /etc/fail2ban/jail.local
[IMAP-BruteForce]
enabled  = true
# provide /etc/fail2ban/filter.d/IMAP-BruteForce.conf for your IMAP server's
# login failures, or use a stock filter such as dovecot instead
filter   = %(__name__)s
logpath  = /var/log/mail.log
maxretry = 10
findtime = 30m
bantime  = 10m
action   = iptables[name=IMAP, port="imap", protocol=tcp]
```
10. POP3 Brute-Force Protection
Configure Fail2Ban to block brute-force attacks on your POP3 service.
```ini
# /etc/fail2ban/jail.local
[POP3-BruteForce]
enabled  = true
# provide /etc/fail2ban/filter.d/POP3-BruteForce.conf for your POP3 server's
# login failures, or use a stock filter such as dovecot instead
filter   = %(__name__)s
logpath  = /var/log/mail.log
maxretry = 5
findtime = 1m
bantime  = 10m
action   = iptables[name=POP3, port="pop3", protocol=tcp]
```
Conclusion
By configuring Fail2Ban with these customizations, you can significantly enhance the security of your server and cut off brute-force attacks against a range of services. Remember to monitor the Fail2Ban log (/var/log/fail2ban.log) and the output of fail2ban-client status so that bans, and any legitimate users caught by them, are detected and handled promptly.
Note: These configurations are examples and may need to be adjusted according to specific needs and environments. Always test and verify configurations before implementing them in production.