Brute Force Protection For Linux Server


Fail2Ban is a useful utility for protecting a server against SSH brute-force attacks. In this guide we will set up Fail2Ban for brute-force protection on a Linux server. Fail2Ban works by scanning and monitoring log files for selected entries, then banning IPs that show malicious signs such as too many password failures or probing for exploits.

How to Install

Step 1 – Log in to your server as a user with root privileges.
Step 2 – Install fail2ban using the command below:

yum --enablerepo=dag install fail2ban

Step 3 – Configure Fail2Ban

The default fail2ban configuration file is located at /etc/fail2ban.conf

Edit the fail2ban.conf file. Use your favorite text editor like Nano or vi.

vi /etc/fail2ban.conf

i) Change the maximum number of failures allowed before an IP gets banned.

maxfailures = 5

ii) Set the amount of time an IP is banned. The default time is 600s; change it to 1200s.

bantime = 1200

iii) Add your IPs to the ignoreip list, separated by spaces, so your own IPs will not be banned.

ignoreip = 198.168.1.2 2.3.4.5

iv) Save and exit the file.

Step 4 – Now start the fail2ban service

service fail2ban start
chkconfig fail2ban on

That’s it. Enjoy.

You can view the fail2ban logs at /var/log/fail2ban.log.
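
To see how the three settings from Step 3 interact, the following added example (not fail2ban's own code, and not from the original page) models the count-and-ban logic in Python over constructed sshd log lines. The log pattern, the function names and the 203.0.113.x addresses are assumptions for illustration, and the model counts failures with no time window.

```python
import ipaddress
import re

# Settings from Step 3 of this page
MAXFAILURES = 5
BANTIME = 1200  # seconds
IGNOREIP = ["198.168.1.2", "2.3.4.5"]

# Assumed sshd log format; this pattern is illustrative, not fail2ban's own filter
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def is_ignored(ip, ignore=IGNOREIP):
    """True when ip falls inside any ignoreip entry (single address or CIDR)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a logged hostname is never matched against ignoreip here
    return any(addr in ipaddress.ip_network(net, strict=False) for net in ignore)

def scan(events, maxfailures=MAXFAILURES, bantime=BANTIME):
    """events: (epoch_seconds, log_line) pairs in time order.
    Returns a list of (ip, banned_at, unbanned_at) tuples."""
    failures, banned_until, bans = {}, {}, []
    for ts, line in events:
        match = FAILED.search(line)
        if not match or is_ignored(match.group(1)):
            continue
        ip = match.group(1)
        if banned_until.get(ip, 0) > ts:
            continue  # still banned: the firewall would drop this attempt
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= maxfailures:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            failures[ip] = 0  # counting starts over once the ban expires
    return bans

def sample_events():
    """Constructed log lines; the tuple's first field is the event time."""
    fail = "Jan 10 03:12:01 host sshd[2211]: Failed password for root from {} port 40022 ssh2"
    ok = "Jan 10 03:12:01 host sshd[2211]: Accepted password for admin from 203.0.113.9 port 40022 ssh2"
    events = [(t, fail.format("203.0.113.7")) for t in range(0, 60, 10)]        # 6 failures
    events += [(t, fail.format("2.3.4.5")) for t in range(0, 100, 10)]          # in ignoreip
    events += [(5, ok)]                                                         # not a failure
    events += [(t, fail.format("203.0.113.7")) for t in range(1300, 1350, 10)]  # after expiry
    return sorted(events)

if __name__ == "__main__":
    for ip, start, end in scan(sample_events()):
        print(f"ban {ip} from t={start}s until t={end}s")
```

The address listed in ignoreip never appears in the result no matter how many failures it produces, which is why that list should hold only addresses you control.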