Brute Force Protection For Linux Server
Fail2Ban is a useful utility for protecting a server against brute-force attacks on SSH. This guide sets up fail2ban as brute force protection for a Linux server. Fail2ban works by scanning and monitoring log files for selected entries, then bans IPs that show malicious signs such as too many password failures or probing for exploits.
How to Install
Step 1 – Log in to your server as a user with root privileges.
Step 2 – Install fail2ban using the command below:
yum --enablerepo=dag install fail2ban
Step 3 – Configure Fail2Ban
The default fail2ban configuration file is located at /etc/fail2ban.conf
Edit the fail2ban.conf file. Use your favorite text editor like Nano or vi.
i) Change the maximum number of failures allowed before an IP gets banned.
maxfailures = 5
ii) Set the amount of time an IP is banned. The default time is 600s; change it to 1200s.
bantime = 1200
iii) Add your own IPs to the ignoreip list so that they will not be banned.
ignoreip = 220.127.116.11/18.104.22.168
iv) Save and exit the file.
Step 4 – Now start the fail2ban service
service fail2ban start
chkconfig fail2ban on
That’s it. Enjoy.
You can view the fail2ban logs at /var/log/fail2ban.log.
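To see how the three settings from Step 3 interact, here is an added example (not fail2ban's own code and not part of the original guide) that models the scan-and-ban logic over constructed sshd log lines. The hostname, the documentation-range addresses, the IGNOREIP value and the function names are assumptions, and the model is simplified: it counts every failure per IP with no time window.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MAXFAILURES = 5                             # Step 3 (i)
BANTIME = timedelta(seconds=1200)           # Step 3 (ii)
IGNOREIP = [ip_network("192.0.2.10/32")]    # constructed address standing in for Step 3 (iii)

# Syslog-style sshd line for a failed password: timestamp, host, sshd[pid], source IP.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from ([0-9a-fA-F:.]+) port")

def scan(lines, year=2024):
    """Return (events, banned): ordered ban/unban events and the IPs still banned."""
    failures, banned, events = {}, {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                        # not a failed-password entry
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ip_address(m.group(2))
        except ValueError:
            continue                        # malformed address, skip the line
        for old, until in list(banned.items()):
            if ts >= until:                 # bantime has elapsed, lift the ban
                del banned[old]
                events.append(("unban", str(old), until))
        if ip in banned or any(ip in net for net in IGNOREIP):
            continue                        # already banned, or whitelisted
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= MAXFAILURES:
            banned[ip] = ts + BANTIME
            failures[ip] = 0
            events.append(("ban", str(ip), ts))
    return events, sorted(str(ip) for ip in banned)

def sample_log():
    """Constructed sshd lines (documentation addresses), not taken from a real host."""
    def line(t, ip, user="root"):
        return f"Mar 12 {t} web1 sshd[2211]: Failed password for {user} from {ip} port 40022 ssh2"
    log = [line(f"10:00:0{s}", "203.0.113.7") for s in range(1, 6)]   # 5 failures: banned
    log += [line(f"10:01:0{s}", "192.0.2.10") for s in range(1, 7)]   # 6 failures: ignored
    log += [line("10:02:00", "198.51.100.4", "invalid user admin")]   # 1 failure: no ban
    log += ["Mar 12 10:03:00 web1 sshd[2212]: Accepted password for deploy from 198.51.100.4 port 40100 ssh2"]
    log += [line("10:25:00", "198.51.100.4")]                         # arrives after the ban expired
    return log
```

Calling scan(sample_log()) bans 203.0.113.7 on its fifth failure and lifts the ban 1200 seconds later, while the whitelisted address is never banned despite six failures.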