Brute Force Prevention On Linux Server

How to install Fail2Ban

Fail2Ban is a great utility for protecting a server against brute-force attacks on SSH. Fail2Ban works with iptables to block an offending IP address for a certain amount of time. The actual setup and configuration can be done in under 10 minutes.

Installation

1. To install fail2ban you will need root access (log in as a user and run "su -" to become root). Type the following to begin the install process.

yum --enablerepo=dag install fail2ban

Yum will install fail2ban with the basic configuration for CentOS.

Configuration

2. The configuration file for fail2ban is located at /etc/fail2ban.conf. We will now need to modify the conf file to make a few minor changes.

vi /etc/fail2ban.conf

3. We will change the number of max failures before an IP gets banned from 5 to 10. The line we will edit will look like this:

maxfailures = 10

4. The next line we will edit will change the amount of time an IP is banned. The default time is 600s and we will change it to 900s (15 minutes).

bantime = 900

5. (Optional) The next line we will edit tells fail2ban to never ban our own IP addresses. This way we won't be banned from our own server. We will need to know the public IP addresses from which we would like to connect to our server. Add your public IP addresses to the following line:

ignoreip = 192.168.0.0/24 192.168.1.1 172.16.1.1 10.1.1.1

6. Save the changes and exit the conf file.

:wq

7. We will now make sure fail2ban is started and is added to the chkconfig list.

service fail2ban start
chkconfig fail2ban on

Fail2ban is now configured for your dedicated server. To see what has been banned from your server you can view the fail2ban logs at /var/log/fail2ban.log.
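
To see how the three settings edited above (maxfailures, bantime, ignoreip) interact, the following simplified Python model applies them to constructed sshd log lines. It is an added example, not Fail2Ban's own code or part of the original guide; the counting window WINDOW, the function names and the sample addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque

MAXFAILURES = 10   # step 3
BANTIME = 900      # step 4, seconds
IGNOREIP = "192.168.0.0/24 192.168.1.1 172.16.1.1 10.1.1.1"  # step 5
WINDOW = 600       # assumption: failure-counting window, not a value from the page
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")

def simulate(events, maxfailures=MAXFAILURES, bantime=BANTIME,
             ignoreip=IGNOREIP, window=WINDOW):
    """events: time-ordered (epoch_seconds, sshd message); returns [(ip, start, end)]."""
    ignored = [ipaddress.ip_network(t, strict=False) for t in ignoreip.split()]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}
    bans = []
    for ts, msg in events:
        m = FAILED.search(msg)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue              # not an IP literal; skipped in this model
        if any(ip in net for net in ignored):
            continue              # ignoreip: never counted, never banned
        if banned_until.get(ip, 0) > ts:
            continue              # ban still active; the firewall drops these
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= maxfailures:
            banned_until[ip] = ts + bantime
            bans.append((str(ip), ts, ts + bantime))
            q.clear()
    return bans

def sample_events():  # constructed sample; 203.0.113.5 is a documentation address
    fail = "Failed password for invalid user admin from {} port 4022 ssh2"
    ev = [(5 * i, fail.format("203.0.113.5")) for i in range(12)]
    ev += [(100 + i, fail.format("192.168.0.7")) for i in range(15)]
    ev += [(300, "Accepted password for bob from 198.51.100.9 port 50000 ssh2")]
    ev += [(1000 + i, fail.format("203.0.113.5")) for i in range(10)]
    return ev

if __name__ == "__main__":
    print(simulate(sample_events()))
```

In the sample, 203.0.113.5 is banned on its tenth failure and again after the first ban expires, while the 15 failures from 192.168.0.7 are never counted because that address falls inside the ignoreip range.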
