How to Secure a Linux Server Using fail2ban

fail2ban is an efficient and easy-to-implement solution for increasing the security of Linux servers.

By monitoring logs and automatically blocking suspicious IP addresses, fail2ban helps prevent unauthorized access and maintain a secure environment.

It is recommended as part of any Linux security strategy.

How to secure a Linux server?

Linux server security is essential for preventing unauthorized access and cyber attacks.

An efficient tool for protection against brute-force attacks is fail2ban.

It monitors logs and blocks suspicious IP addresses through the firewall.

What is fail2ban?

fail2ban is an application that scans log files to detect repeated failed authentication patterns.

When an IP reaches a preset number of failed attempts, it is blocked temporarily or permanently using iptables or other firewall mechanisms.

Installing fail2ban

On Ubuntu or Debian, install fail2ban with:

sudo apt update
sudo apt install fail2ban -y

Checking service status

sudo systemctl status fail2ban

To start and enable the service at boot:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Configuring fail2ban

Do not modify the /etc/fail2ban/jail.conf file directly. Instead, create a local copy:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the jail.local file:

sudo nano /etc/fail2ban/jail.local

Basic configuration example:

[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
backend = systemd
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true

Explanation:

  • bantime: time in seconds an IP remains blocked
  • findtime: time window in seconds within which failed attempts are counted
  • maxretry: number of failed attempts within findtime that triggers a ban of the IP
  • ignoreip: IPs that should not be blocked (e.g. localhost)
  • [sshd]: enables protection for the SSH service
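
How findtime, maxretry and ignoreip interact, as an added example that is not part of the original article and not fail2ban's own code: a simplified sliding-window model run over constructed sshd log lines. The log format, the regex and the helper names (find_bans, sample_log) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the [DEFAULT] section above.
FINDTIME, MAXRETRY = 600, 5
# strict=False because "127.0.0.1/8" has host bits set.
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "::1")]
# Simplified pattern for this example; fail2ban's own sshd filter is far broader.
FAILURE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return (ip, time) for every point where an IP reaches maxretry failures in findtime."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = []
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # failure is older than findtime, stop counting it
        if len(window) >= maxretry:
            bans.append((str(ip), ts))
            window.clear()  # counter starts over once the ban is issued
    return bans

def sample_log():
    """Constructed sshd lines using documentation-range IPs, not real traffic."""
    def line(clock, ip):
        return (f"2024-05-01T{clock} host sshd[999]: "
                f"Failed password for root from {ip} port 4000 ssh2")
    fast = [line(f"10:00:{s:02d}", "203.0.113.7") for s in range(0, 50, 10)]  # 5 in 40 s
    slow = [line(f"10:{m:02d}:30", "198.51.100.23") for m in range(0, 25, 5)]  # 5 in 20 min
    local = [line(f"10:01:{s:02d}", "127.0.0.1") for s in range(6)]  # covered by ignoreip
    return sorted(fast + slow + local)  # same date, so string order is time order

if __name__ == "__main__":
    for ip, when in find_bans(sample_log()):
        print(f"ban {ip} at {when.isoformat()}")
```

Only 203.0.113.7 is banned: 198.51.100.23 makes the same five attempts but never has more than three inside one 600-second window, which is why slow attempts call for a longer findtime or a lower maxretry.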

Reloading configuration

After changes, restart the service:

sudo systemctl restart fail2ban

Monitoring active jails

To see active jails:

sudo fail2ban-client status

To check details of a specific jail (e.g. sshd):

sudo fail2ban-client status sshd

Unbanning an IP

If you want to remove an IP from the ban list, use:

sudo fail2ban-client set sshd unbanip 192.168.1.100

Adding protection for other services

fail2ban can also be configured for other services such as:

  • Apache / Nginx (HTTP brute-force attacks)
  • Postfix / Dovecot (email attacks)
  • vsftpd / proftpd (FTP)

Enable the corresponding jails and define their rules in the respective configuration files.

fail2ban logs

Logs are useful for analysis and auditing:

/var/log/fail2ban.log
