Fail2Ban as protection against brute-force attacks
Fail2ban is a well-known tool for protecting Linux-based systems against brute-force attacks.
It scans log files and bans IP addresses that show malicious signs: too many password failures, probing for exploits, etc.
Supported Platforms
Fail2ban supports only Linux and other Unix-like systems, such as Debian, Ubuntu, Red Hat/CentOS, FreeBSD, Mac OS X and others.
Functionality
Fail2ban bans IP addresses that run brute-force attacks against popular services on servers:
- SSH
- Apache
- Exim
- MySQL
- nginx
- FTP
- etc...
Basic installation
Basic installation is very simple.
Debian/Ubuntu:
apt-get install fail2ban
CentOS:
yum install fail2ban
See the official Fail2ban documentation for installation on other platforms.
That's it. Fail2ban protection works.
Dhound Integration
By default, the Dhound Linux agent analyzes the Fail2ban activity log (/var/log/fail2ban.log) and visualizes it on security dashboards.
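To show what the activity log contains, here is an added example (not from the original page and not Dhound's own code) that parses Ban/Unban events and summarizes them per jail and per IP. The line layout is assumed to be Fail2ban's default log format; the sample lines, jail names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed default fail2ban.log layout.
SAMPLE_LOG = """\
2017-04-12 10:15:30,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5
2017-04-12 10:15:32,417 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2017-04-12 10:20:11,004 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 198.51.100.23
2017-04-12 10:25:32,950 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.5
2017-04-12 10:40:02,221 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2017-04-12 10:41:00,000 fail2ban.actions        [812]: NOTICE  [sshd] 203.0.113.5 already banned
2017-04-12 10:42:00,000 fail2ban.server         [812]: INFO    rollover performed on /var/log/fail2ban.log
"""

# Only fail2ban.actions lines of the form "[jail] Ban <ip>" / "[jail] Unban <ip>" count.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+"
    r"fail2ban\.actions\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<action>Ban|Unban)\s+(?P<ip>\S+)\s*$"
)

def parse_events(lines):
    """Yield (timestamp, jail, action, ip) for each Ban/Unban line; skip the rest."""
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            yield m["ts"], m["jail"], m["action"], m["ip"]

def summarize(lines):
    """Return (bans per jail, bans per IP, set of (jail, ip) pairs still banned)."""
    per_jail, per_ip, active = Counter(), Counter(), set()
    for _ts, jail, action, ip in parse_events(lines):
        if action == "Ban":
            per_jail[jail] += 1
            per_ip[ip] += 1
            active.add((jail, ip))
        else:
            active.discard((jail, ip))
    return per_jail, per_ip, active

def repeat_offenders(lines, threshold=2):
    """IPs banned at least `threshold` times: candidates for a longer ban time."""
    _, per_ip, _ = summarize(lines)
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    jails, ips, active = summarize(SAMPLE_LOG.splitlines())
    print("bans per jail:", dict(jails))
    print("currently banned:", sorted(active))
    print("repeat offenders:", repeat_offenders(SAMPLE_LOG.splitlines()))
```

On a real host, pass the lines of /var/log/fail2ban.log to `summarize` instead of the constructed sample.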
See Also
- Test brute force protection (on this resource)
- Fail2ban official web site
Published on Apr 12, 2017