Computers

Fail2ban

I look after a hand full of Linux servers, and as good practice I always make sure I used very complex passwords for console access and change them regularly.

However I appreciate that even the best passwords in the world could in theory be cracked eventually by pure brute force over an SSH connection.  It may take a while but it could happen.  The more obvious risk however is that if a possible intruder gets lucky.

I’ve used a great little program called Fail2ban for the last couple of years, what this does it quite simple, you can configure how you like, but in essence if someone tries to logon to a server and gets the password wrong a given number of times then it’ll lock down the firewall from that IP.  I see it a bit like tarpitting, it won’t stop them but by heck it’ll slow ’em down.

The functionality ‘out of the box’ for Fail2ban is pretty good, you can apply it to your mail logs to block spammers who fall foul of another filter, you can set it up on your web server to stop HTTP scan attacks, ditto for FTP and even SAMBA.

In the past I’ve used it to mitigate the affects of a DOS attack on a webserver I was asked to have a look at.  Great program and a fantastic little tool that should be on every sys admins radar.

Written by gyp - October 2, 2010 - 575 Views
Tags | , ,

You Might Also Like

ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning

November 25, 2013

How to Create a CSR with Nginx using OpenSSL

July 11, 2012
Uber Vault

How to Install a SSL Certificate on Nginx

July 15, 2012

1 Comment

  • How to Secure phpMyAdmin on Ubuntu | Gyp the Cat dot Com November 25, 2011 at 6:18 pm

    […]  Being ever the killjoy I am I had to secure the directories.  I’m already running Fail2Ban on Ubuntu but thought I should tighten it up even more to prevent any zero day exploits that may come […]

    Reply

    • Please Post Your Comments & Reviews

    Your email address will not be published. Required fields are marked *