21Jun/100
Prevent brute force attacks using fail2ban
fail2ban monitors log files such as /var/log/auth.log and /var/log/apache/access.log and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Currently, by default, fail2ban supports ssh/apache/vsftpd but configuration can be easily extended for monitoring any other ASCII file.
1. Install fail2ban
apt-get install fail2ban
2. Test by connecting via ssh and making three incorrect password attempts. By default fail2ban blocks the IP address for 10 minutes.
You can tail the fail2ban log file to monitor actions:
tail -f /var/log/fail2ban.log
Sample results
2010-06-21 22:27:58,953 fail2ban.jail : INFO Jail 'ssh' started
2010-06-21 22:29:36,430 fail2ban.actions: WARNING [ssh] Ban 192.168.1.18
Hosting sponsor
Debian Tutorials
Tag Cloud
apache
apt
Backup
clamav
courier
database
DNS
dspam
etch
FTP
imap
iptables
Kernel
lenny
lighttpd
Mail
mailscanner
Monitoring
mrtg
MySQL
network
nfs
openssl
php
pop3
postfix
PostgreSQL
postgrey
powerdns
proxy
pure-ftpd
rsync
samba
sasl
Security
spam
ssh
subversion
tls
trac
upgrade
vmware
vsftpd
X
zenoss
Categories
- Backup (2)
- Control Panel (1)
- DNS (3)
- FTP (2)
- General (4)
- Kernel (2)
- Mail (16)
- Monitoring (8)
- MySQL (13)
- Networking (4)
- PostgreSQL (1)
- Release (66)
- Security (13)
- Virtualization (4)
- Web (19)
- X (1)
Popular Tutorials
- Installing Zend Optimizer
- Installing ionCube
- Installing Zenoss monitoring system
- Installing and configuring PPTP VPN server on lenny
- Pure-FTPd with MySQL backend
- Installing Postfix with MySql backend and SASL for SMTP authentication
- Loading iptables rules on startup
- Installing DSPAM with ClamAV for Postfix on lenny
Ubuntu Tutorials – Latest
- Installing PEAR framework and packages
- Install mod_spamhaus Apache module to fight comment spam
- Installing ionCube
- Installing Zend Optimizer
- Disable root login to SSH