This is a very good Tutorial, with some good examples on how to set up fail2ban...
Don
fail2ban Intrusion Prevention Framework - Linux Magazine Online
For its size, fail2ban, a utility that scans logfiles and bans suspicious IP addresses, punches well above its weight.
I dare say that only a few sys admins haven’t heard of fail2ban – maybe those starting out or those who have focused on different areas. In my experience, it’s quite rare that really small utilities can affect the way you run your servers to the extent that fail2ban has. It certainly explains its popularity.
fail2ban is a feather-weight set of scripts that can easily integrate with popular firewalls and, amongst many other things, catch any failed logins for services that you’re running and then ban the IP address after a certain number of failed attempts. Admittedly that sounds like quite simple functionality, but when you get down to the innards of the software, it’s a truly powerful tool.
I had been using fail2ban on SSH login failures, probably its most common usage, before I became increasingly annoyed with web server logs filling up with nefarious probes attempting to compromise PHP with remote exploits (and a myriad of other HTTP attacks). It got to the point at which a large proportion of the Apache logs were failed attempts to find hidden directories or non-existent Joomla installations among the legitimate hits on the websites.
I also ran a few mail servers that allowed mail relaying via SASL password authentication, which (and there are other ways of running the authentication side) had system user accounts with PAM checking for correct passwords. I had set the SASL user accounts so that a shell login couldn’t be used to access the server, but I was still more than aware that having a piece of software so readily open to abuse by brute force was far from ideal. So, fail2ban stepped forward yet again; I could simply ban any IP that entered the wrong password three times for as long as I wanted.
From the scenarios above, I hope you will agree that fail2ban can be applied in all sorts of ways. To give you a head start in this article, I’ll offer some examples, ranging from those straight out of the documentation to those that were hard won. (Those of you who speak regular expressions, or regex, as your second language would have found them easy, I’m sure, but I prefer a cogent language that doesn’t involve an aching head coupled with eye strain!)
It Must Be Magic
Read More... http://www.linuxpromagazine.com/Online/Features/fail2ban-Intrusion-Prevention-Framework
- Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures
- Fail2ban
- HOWTOs - Fail2ban
- FAQ english - Fail2ban
- MANUAL_0_8
- Fail2Ban - Fail2ban
- fail2ban Intrusion Prevention Framework - Linux Magazine Online
- Category:Configuration - Fail2ban
- Category:FTP - Fail2ban
- Vsftpd - Fail2ban
- Weekend Project: Keep Out Repeat Offenders with Fail2ban on Linux | Linux.com - fail2ban.conf: This file contains the general options for fail2ban. Most likely the default options will work just fine.