fail2ban - a tool for Linux security

From the official website of fail2ban:

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

Good uses of fail2ban:
Your Linux server runs SSH and is exposed to the internet.
The bad guys out there will try to break into your system with brute-force/dictionary attacks.
After 3 unsuccessful login attempts, fail2ban blocks the source IP address for a certain period of time. fail2ban dynamically
updates iptables rules to achieve this.
Note that it's always your responsibility to use a strong/complex password.
Neither fail2ban nor any other firewall will be able to protect you if you use simple passwords.


