Fail2Ban as protection against brute-force attacks
Fail2ban is a well-known software to protect linux based system against brute force attacks.
It scans log files and bans IP Addresses that show the malicious signs -- too many password failures, seeking for exploits, etc.
Fail2ban supports only linux-based systems like: Debian, Ubuntu, Red Hat/CentOS, FreeBSD, Mac OS X and others.
Fail2ban bans Ip Addresses that makes brute force against popular services on servers:
Basic installation is very simple.
apt-get install fail2ban
yum install fail2ban
See Fail2ban official documentation to install on other platforms.
That's it. Fail2ban protection works.
Dhound Linux agent by default will analyze fail2ban activity log (/var/log/fail2ban.log) and visualize it on security dashboards.
Published on Apr 12, 2017