How to use the Fail2ban tool to prevent brute force attempts-Linux Operation and Maintenance-php.cn

Home

Operation and Maintenance

Linux Operation and Maintenance

How to use the Fail2ban tool to prevent brute force attempts

王林

Jul 08, 2023 pm 07:15 PM

Brute force crackingprotectionfailban

How to use the Fail2ban tool to prevent brute force attempts

Introduction: The popularity of the Internet has made network security issues a very important topic. Among them, brute force attempts are one of the common security threats. In order to effectively prevent brute force cracking behavior, we can use the Fail2ban tool to help us implement protective measures. This article will describe how to use the Fail2ban tool to prevent brute force attempts and provide some code examples.

1. Introduction to the Fail2ban tool

Fail2ban is an open source firewall tool that is specially used to monitor system logs and configure rules to detect and block IP addresses with malicious intentions. It can automatically monitor the system's log files, and when it detects frequent failed login attempts, it will temporarily prohibit access to the IP address to prevent brute force cracking.

2. Install Fail2ban

Before we begin, we first need to install the Fail2ban tool. On most Linux distributions, it can be installed through the package manager:

sudo apt-get install fail2ban

3. Configure Fail2ban

Create the configuration file

In the configuration Before Fail2ban, we need to create a new configuration file. Run the following command in the terminal:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

This will copy the default Fail2ban configuration file to a new file.

Edit configuration file

Open the newly created configuration file /etc/fail2ban/jail.local and edit it as needed. The following are some common configuration items:

ignoreip: Ignore certain IP addresses and do not detect and block them. For example: ignoreip = 127.0.0.1/8
bantime: ban time in seconds. The default is 600 seconds. For example: bantime = 3600
maxretry: Maximum number of retries. If the number of consecutive failures for an IP address exceeds this value within a certain period of time, the IP address will be banned. For example: maxretry = 5
destemail: When an IP address is banned, the target email address for sending an email notification. For example: destemail = admin@example.com
action: The action that triggers the ban operation. It can be sending an email notification (admin), adding it to the firewall (RBLOCK), etc. For example: action = %(action_mwl)s

The following is a sample configuration:

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
maxretry = 5
destemail = admin@example.com
action = %(action_mwl)s

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s

In this sample configuration, we ignore the local IP address and set the ban time to 1 hour, the maximum number of retries is 5. When an IP address is banned, an email notification will be sent to admin@example.com, and the IP address will also be added to the firewall rules.

Save and close the file

After completing the configuration, save and close the file.

4. Start Fail2ban

After the configuration is completed, we need to start the Fail2ban service to make it effective. Run the following command in the terminal:

sudo systemctl start fail2ban

In addition, you can also set Fail2ban to start automatically at boot, which ensures that it runs automatically when the system starts:

sudo systemctl enable fail2ban

5. Test Fail2ban

Finally, we can run some tests to verify that the Fail2ban tool is working properly.

Try brute force cracking

In order to test the protection capabilities of Fail2ban, we can try to log in to the server using a wrong password. You can use the ssh command to test:

ssh username@your_server_ip

After trying multiple times, Fail2ban should automatically detect these failed attempts and ban the corresponding IP address.

Check the ban log

To see which IP addresses have been banned, you can run the following command:

sudo fail2ban-client status

This will display the currently banned IP addresses list.

Conclusion:

By using the Fail2ban tool, we can effectively prevent brute force attempts. With the help of Fail2ban's configuration rules, we can automatically monitor the system's log files and block malicious IP addresses for frequent failed login attempts. This can greatly improve the security of the system and protect the security of the server and user data.

Reference link:

[Fail2ban official website](https://www.fail2ban.org/)
[Fail2ban GitHub repository](https:/ /github.com/fail2ban/fail2ban)

The above is the detailed content of How to use the Fail2ban tool to prevent brute force attempts. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

The 5 Core Components of the Linux Operating SystemMay 08, 2025 am 12:08 AM

The five core components of the Linux operating system are: 1. Kernel, 2. System libraries, 3. System tools, 4. System services, 5. File system. These components work together to ensure the stable and efficient operation of the system, and together form a powerful and flexible operating system.

The 5 Essential Elements of Linux: ExplainedMay 07, 2025 am 12:14 AM

The five core elements of Linux are: 1. Kernel, 2. Command line interface, 3. File system, 4. Package management, 5. Community and open source. Together, these elements define the nature and functionality of Linux.

Linux Operations: Security and User ManagementMay 06, 2025 am 12:04 AM

Linux user management and security can be achieved through the following steps: 1. Create users and groups, using commands such as sudouseradd-m-gdevelopers-s/bin/bashjohn. 2. Bulkly create users and set password policies, using the for loop and chpasswd commands. 3. Check and fix common errors, home directory and shell settings. 4. Implement best practices such as strong cryptographic policies, regular audits and the principle of minimum authority. 5. Optimize performance, use sudo and adjust PAM module configuration. Through these methods, users can be effectively managed and system security can be improved.

Linux Operations: File System, Processes, and MoreMay 05, 2025 am 12:16 AM

The core operations of Linux file system and process management include file system management and process control. 1) File system operations include creating, deleting, copying and moving files or directories, using commands such as mkdir, rmdir, cp and mv. 2) Process management involves starting, monitoring and killing processes, using commands such as ./my_script.sh&, top and kill.

Linux Operations: Shell Scripting and AutomationMay 04, 2025 am 12:15 AM

Shell scripts are powerful tools for automated execution of commands in Linux systems. 1) The shell script executes commands line by line through the interpreter to process variable substitution and conditional judgment. 2) The basic usage includes backup operations, such as using the tar command to back up the directory. 3) Advanced usage involves the use of functions and case statements to manage services. 4) Debugging skills include using set-x to enable debugging mode and set-e to exit when the command fails. 5) Performance optimization is recommended to avoid subshells, use arrays and optimization loops.

Linux Operations: Understanding the Core FunctionalityMay 03, 2025 am 12:09 AM

Linux is a Unix-based multi-user, multi-tasking operating system that emphasizes simplicity, modularity and openness. Its core functions include: file system: organized in a tree structure, supports multiple file systems such as ext4, XFS, Btrfs, and use df-T to view file system types. Process management: View the process through the ps command, manage the process using PID, involving priority settings and signal processing. Network configuration: Flexible setting of IP addresses and managing network services, and use sudoipaddradd to configure IP. These features are applied in real-life operations through basic commands and advanced script automation, improving efficiency and reducing errors.

Linux: Entering and Exiting Maintenance ModeMay 02, 2025 am 12:01 AM

The methods to enter Linux maintenance mode include: 1. Edit the GRUB configuration file, add "single" or "1" parameters and update the GRUB configuration; 2. Edit the startup parameters in the GRUB menu, add "single" or "1". Exit maintenance mode only requires restarting the system. With these steps, you can quickly enter maintenance mode when needed and exit safely, ensuring system stability and security.

Understanding Linux: The Core Components DefinedMay 01, 2025 am 12:19 AM

The core components of Linux include kernel, shell, file system, process management and memory management. 1) Kernel management system resources, 2) shell provides user interaction interface, 3) file system supports multiple formats, 4) Process management is implemented through system calls such as fork, and 5) memory management uses virtual memory technology.

See all articles