
Enhancing Security with 20 Fail2Ban Configurations
Fail2Ban is a widely used security tool that monitors log files and bans IP addresses that exhibit malicious behavior, such as repeated login attempts or other suspicious activity. In this article, we will explore 20 fail2ban configurations to enhance the security of your Linux system.
What is Fail2Ban?
Fail2Ban is an open-source software that scans log files for specific patterns, usually indicative of malicious activity, and bans the corresponding IP address. This prevents brute-force attacks on services such as SSH, FTP, and MySQL, among others.
20 Fail2Ban Configurations for Enhanced Security
1. SSH Brute-Force Protection
These jails belong in /etc/fail2ban/jail.local (jail.conf is overwritten on package upgrade). A jail is inactive unless it sets enabled = true, its filter name must match a file in /etc/fail2ban/filter.d, and fail2ban-regex <logfile> <filter> confirms that a filter actually matches your log before you enable it. Protect your SSH service from brute-force attacks by configuring fail2ban to monitor login attempts. /var/log/secure is the RHEL/CentOS path; on Debian/Ubuntu use /var/log/auth.log. The bare iptables action blocks port ssh when no port is given, which is exactly what this jail needs.

```ini
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, protocol=tcp]
logpath = /var/log/secure
bantime = 3600
maxretry = 3
```
2. Apache Brute-Force Protection
Protect your Apache web server from brute-force attacks by configuring fail2ban to monitor login attempts. The shipped apache-auth filter matches the "user ... not found" and "authentication failure" lines Apache writes to its error log, so the jail has to watch the error log, not the access log (corrected below). Without a port in the action, iptables would block port ssh instead of the web port.

```ini
[apache-iptables]
enabled = true
filter = apache-auth
action = iptables[name=Apache, port=http, protocol=tcp]
# apache-auth matches error-log lines, not access-log lines
logpath = /var/log/httpd/error_log
bantime = 3600
maxretry = 3
```
3. FTP Brute-Force Protection
Protect your FTP service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no filter named ftp; it ships vsftpd, proftpd, pure-ftpd and wuftpd, so set filter to the one for your server (and logpath to the log that server writes) or the jail will not load.

```ini
[ftp-iptables]
enabled = true
# replace with the shipped filter for your server: vsftpd, proftpd or pure-ftpd
filter = ftp
action = iptables[name=FTP, port=ftp, protocol=tcp]
logpath = /var/log/secure
bantime = 3600
maxretry = 3
```
4. MySQL Brute-Force Protection
Protect your MySQL service from brute-force attacks by configuring fail2ban to monitor login attempts. The shipped filter is called mysqld-auth (used below); it matches "Access denied for user" lines in the error log, which MySQL 5.x and MariaDB only write when log_warnings=2 is set in my.cnf.

```ini
[mysql-iptables]
enabled = true
filter = mysqld-auth
action = iptables[name=MySQL, port=3306, protocol=tcp]
logpath = /var/log/mysql/error.log
bantime = 3600
maxretry = 3
```
5. SMTP Brute-Force Protection
Protect your SMTP service from brute-force attacks by configuring fail2ban to monitor login attempts. There is no shipped filter named smtp; use postfix or postfix-sasl, exim, or sendmail-auth depending on your MTA (and dovecot if the auth failures are logged by Dovecot SASL).

```ini
[smtp-iptables]
enabled = true
# replace with the shipped filter for your MTA: postfix-sasl, exim or sendmail-auth
filter = smtp
action = iptables[name=SMTP, port=smtp, protocol=tcp]
logpath = /var/log/mail.log
bantime = 3600
maxretry = 3
```
6. PostgreSQL Brute-Force Protection
Protect your PostgreSQL service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no postgresql filter, so create /etc/fail2ban/filter.d/postgresql.conf with a failregex for the "password authentication failed for user" lines PostgreSQL logs, and point logpath at the log file your distribution actually uses.

```ini
[postgresql-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = postgresql
action = iptables[name=PostgreSQL, port=5432, protocol=tcp]
logpath = /var/log/postgresql/error.log
bantime = 3600
maxretry = 3
```
7. RDP Brute-Force Protection
Protect your RDP service from brute-force attacks by configuring fail2ban to monitor login attempts. RDP is a Windows service; on Linux this jail only makes sense for an xrdp server, whose PAM authentication failures do appear in /var/log/secure, and fail2ban ships no rdp filter, so you must write one for those lines.

```ini
[rdp-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = rdp
action = iptables[name=RDP, port=3389, protocol=tcp]
logpath = /var/log/secure
bantime = 3600
maxretry = 3
```
8. SMB Brute-Force Protection
Protect your SMB service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no smb filter, and Samba writes its logs under /var/log/samba/ by default, so both the filter and the logpath need to be adapted to your Samba setup.

```ini
[smb-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = smb
action = iptables[name=SMB, port=445, protocol=tcp]
logpath = /var/log/samba.log
bantime = 3600
maxretry = 3
```
9. DNS Brute-Force Protection
Protect your DNS service from abusive queries by configuring fail2ban to monitor its log. DNS has no login, so this jail counts refused or abusive queries rather than failed logins; fail2ban ships named-refused for BIND but no dnsmasq filter, so a custom filter is needed here. Note that DNS is mostly UDP, so a tcp-only ban misses most of that traffic.

```ini
[dns-iptables]
enabled = true
# custom filter: not shipped with fail2ban (named-refused exists for BIND)
filter = dns
action = iptables[name=DNS, port=53, protocol=tcp]
logpath = /var/log/dnsmasq.log
bantime = 3600
maxretry = 3
```
10. SSH Key Bruteforce Protection
Protect your SSH service from key brute-force attacks by configuring fail2ban to monitor login attempts. This jail uses the same sshd filter and log as jail 1, so it matches exactly the same lines and would ban every source twice; keep one of the two. The sshd filter's mode parameter (fail2ban 0.10 and later) selects which patterns, including pre-authentication disconnects, are matched.

```ini
[ssh-key-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH-Key, protocol=tcp]
logpath = /var/log/secure
bantime = 3600
maxretry = 3
```
11. Apache mod_userdir Brute-Force Protection
Protect your Apache service from user-directory probing by configuring fail2ban to monitor requests for non-existent home directories. fail2ban ships no apache-mod_userdir filter; the closest shipped filter is apache-nohome, which matches "File does not exist: /home/..." lines in the error log, so with that filter logpath must point at the error log.

```ini
[apache-userdir-iptables]
enabled = true
# custom filter; the shipped apache-nohome filter covers userdir probes via the error log
filter = apache-mod_userdir
action = iptables[name=Apache-Userdir, port=http, protocol=tcp]
logpath = /var/log/httpd/access.log
bantime = 3600
maxretry = 3
```
12. PHP-FPM Brute-Force Protection
Protect your PHP-FPM service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no php-fpm filter, and PHP-FPM's own log records pool and worker events, not application logins; failed logins only appear there if your PHP application writes them. Attackers reach the application through the web server's port, not FPM's socket, so the action must name that port.

```ini
[php-fpm-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = php-fpm
# without port=... the iptables action defaults to port ssh
action = iptables[name=PHP-FPM, protocol=tcp]
logpath = /var/log/php-fpm.log
bantime = 3600
maxretry = 3
```
13. MySQLi Brute-Force Protection
Protect your MySQL service from brute-force attacks arriving through PHP's MySQLi extension by configuring fail2ban to monitor login attempts. MySQLi is a client library, not a service: the server logs the same "Access denied" lines whichever client connects, so this jail uses the shipped mysqld-auth filter and duplicates jail 4; run only one of them.

```ini
[mysqli-iptables]
enabled = true
filter = mysqld-auth
action = iptables[name=MySQLi, port=3306, protocol=tcp]
logpath = /var/log/mysql/error.log
bantime = 3600
maxretry = 3
```
14. Perl Brute-Force Protection
Protect your Perl application from brute-force attacks by configuring fail2ban to monitor its login attempts. Perl is a language, not a network service: there is no shipped perl filter and no /var/log/perl.log by default, so this jail only works if your application logs failed logins to that file and you write a filter for its format.

```ini
[perl-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = perl
# without port=... the iptables action defaults to port ssh
action = iptables[name=Perl, protocol=tcp]
logpath = /var/log/perl.log
bantime = 3600
maxretry = 3
```
15. Python Brute-Force Protection
Protect your Python application from brute-force attacks by configuring fail2ban to monitor its login attempts. As with Perl, there is no shipped python filter and no default /var/log/python.log; the application must log failed logins there and the filter must be written for that format.

```ini
[python-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = python
# without port=... the iptables action defaults to port ssh
action = iptables[name=Python, protocol=tcp]
logpath = /var/log/python.log
bantime = 3600
maxretry = 3
```
16. Ruby Brute-Force Protection
Protect your Ruby application from brute-force attacks by configuring fail2ban to monitor its login attempts. There is no shipped ruby filter and no default /var/log/ruby.log; the same custom-log and custom-filter requirements as for Perl and Python apply.

```ini
[ruby-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = ruby
# without port=... the iptables action defaults to port ssh
action = iptables[name=Ruby, protocol=tcp]
logpath = /var/log/ruby.log
bantime = 3600
maxretry = 3
```
17. Tomcat Brute-Force Protection
Protect your Tomcat service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no tomcat filter, and Tomcat logs under its own logs/ directory (catalina.out and the access log) rather than /var/log/tomcat.log, so adapt both filter and logpath.

```ini
[tomcat-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = tomcat
action = iptables[name=Tomcat, port=8080, protocol=tcp]
logpath = /var/log/tomcat.log
bantime = 3600
maxretry = 3
```
18. IIS Brute-Force Protection
Protect your IIS service from brute-force attacks by configuring fail2ban to monitor login attempts. IIS runs on Windows, where fail2ban does not: this jail can only work if IIS logs are forwarded to a Linux host with a custom filter, and an iptables ban on that host does nothing to protect the IIS server itself.

```ini
[iis-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = iis
action = iptables[name=IIS, port=http, protocol=tcp]
logpath = /var/log/iis.log
bantime = 3600
maxretry = 3
```
19. WebLogic Brute-Force Protection
Protect your WebLogic service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no weblogic filter; write one for the authentication-failure lines in your WebLogic server log and point logpath at that file.

```ini
[weblogic-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = weblogic
action = iptables[name=WebLogic, port=7001, protocol=tcp]
logpath = /var/log/weblogic.log
bantime = 3600
maxretry = 3
```
20. GlassFish Brute-Force Protection
Protect your GlassFish service from brute-force attacks by configuring fail2ban to monitor login attempts. fail2ban ships no glassfish filter; write one for the authentication-failure lines in your GlassFish server log and point logpath at that file.

```ini
[glassfish-iptables]
enabled = true
# custom filter: not shipped with fail2ban
filter = glassfish
action = iptables[name=GlassFish, port=8080, protocol=tcp]
logpath = /var/log/glassfish.log
bantime = 3600
maxretry = 3
```
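As an added example (not part of this article and not fail2ban's own code), the following Python script models how a jail turns the settings above into bans: it expands a filter.d-style failregex containing fail2ban's <HOST> placeholder, counts matches per source address inside a findtime window (a real fail2ban setting, assumed at its 600-second default since the jails above do not set it), bans at maxretry for bantime seconds, and lifts the ban afterwards. The log lines are constructed, and ban expiry is checked as lines are read rather than on a timer as in real fail2ban.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of RHEL-style /var/log/secure lines (not a real capture).
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 10:00:05 host sshd[1202]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar 10 10:00:09 host sshd[1203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 10 10:00:12 host sshd[1204]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
Mar 10 10:03:00 host sshd[1205]: Failed password for root from 198.51.100.4 port 40001 ssh2
Mar 10 11:30:00 host sshd[1206]: Failed password for root from 203.0.113.7 port 51300 ssh2
"""

# A filter.d-style failregex (simplified from the shipped sshd filter); fail2ban
# substitutes <HOST> with a capturing group for the source address.
FAILREGEX = r"sshd\[\d+\]: Failed password for .* from <HOST> port \d+ ssh2$"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def run_jail(log_text, maxretry=3, findtime=600, bantime=3600):
    """Return (timestamp, 'ban'|'unban', host) events the jail would emit."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST))
    failures = {}  # host -> timestamps of recent matches (within findtime)
    banned = {}    # host -> time the ban expires
    events = []
    for line in log_text.splitlines():
        now = datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=2024)
        for host, until in list(banned.items()):  # real fail2ban unbans on a timer
            if now >= until:
                del banned[host]
                events.append((now, "unban", host))
        match = pattern.search(line)
        if not match:
            continue
        host = match.group("host")
        if host in banned:
            continue  # packets are already dropped; nothing new to count
        recent = [t for t in failures.get(host, []) if now - t <= timedelta(seconds=findtime)]
        recent.append(now)
        failures[host] = recent
        if len(recent) >= maxretry:
            banned[host] = now + timedelta(seconds=bantime)
            failures[host] = []
            events.append((now, "ban", host))
    return events


if __name__ == "__main__":
    for when, what, host in run_jail(SAMPLE_LOG):
        print(f"{when:%H:%M:%S} {what:5} {host}")
```

Raising maxretry or shrinking findtime makes the three-failure burst fall short of a ban, which is the trade-off every jail above tunes with those two values.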
Conclusion
In this article, we have explored 20 fail2ban configurations to enhance the security of your Linux system. By configuring fail2ban to monitor login attempts and ban IP addresses that exhibit malicious behavior, you can protect your services from brute-force attacks and improve overall security. Remember to customize these configurations according to your specific needs and keep your software up-to-date to ensure maximum protection.