How to use the Fail2ban tool to prevent brute force attempts
Introduction: The popularity of the Internet has made network security issues a very important topic. Among them, brute force attempts are one of the common security threats. In order to effectively prevent brute force cracking behavior, we can use the Fail2ban tool to help us implement protective measures. This article will describe how to use the Fail2ban tool to prevent brute force attempts and provide some code examples.
1. Introduction to the Fail2ban tool
Fail2ban is an open source firewall tool that is specially used to monitor system logs and configure rules to detect and block IP addresses with malicious intentions. It can automatically monitor the system's log files, and when it detects frequent failed login attempts, it will temporarily prohibit access to the IP address to prevent brute force cracking.
2. Install Fail2ban
Before we begin, we first need to install the Fail2ban tool. On most Linux distributions, it can be installed through the package manager:
sudo apt-get install fail2ban
3. Configure Fail2ban
In the configuration Before Fail2ban, we need to create a new configuration file. Run the following command in the terminal:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
This will copy the default Fail2ban configuration file to a new file.
Open the newly created configuration file /etc/fail2ban/jail.local and edit it as needed. The following are some common configuration items:
The following is a sample configuration:
[DEFAULT] ignoreip = 127.0.0.1/8 bantime = 3600 maxretry = 5 destemail = admin@example.com action = %(action_mwl)s [sshd] enabled = true port = ssh logpath = %(sshd_log)s
In this sample configuration, we ignore the local IP address and set the ban time to 1 hour, the maximum number of retries is 5. When an IP address is banned, an email notification will be sent to admin@example.com, and the IP address will also be added to the firewall rules.
After completing the configuration, save and close the file.
4. Start Fail2ban
After the configuration is completed, we need to start the Fail2ban service to make it effective. Run the following command in the terminal:
sudo systemctl start fail2ban
In addition, you can also set Fail2ban to start automatically at boot, which ensures that it runs automatically when the system starts:
sudo systemctl enable fail2ban
5. Test Fail2ban
Finally, we can run some tests to verify that the Fail2ban tool is working properly.
In order to test the protection capabilities of Fail2ban, we can try to log in to the server using a wrong password. You can use the ssh command to test:
ssh username@your_server_ip
After trying multiple times, Fail2ban should automatically detect these failed attempts and ban the corresponding IP address.
To see which IP addresses have been banned, you can run the following command:
sudo fail2ban-client status
This will display the currently banned IP addresses list.
Conclusion:
By using the Fail2ban tool, we can effectively prevent brute force attempts. With the help of Fail2ban's configuration rules, we can automatically monitor the system's log files and block malicious IP addresses for frequent failed login attempts. This can greatly improve the security of the system and protect the security of the server and user data.
Reference link:
The above is the detailed content of How to use the Fail2ban tool to prevent brute force attempts. For more information, please follow other related articles on the PHP Chinese website!
switch statement usage
Ranking of foreign CDN service providers
What are the registration-free spaces in China?
What is ^quxjg$c
How to solve the problem that document.cookie cannot be obtained
How to close secure boot
What does STO mean in blockchain?
Solution to the problem that setting the Chinese interface of vscode does not take effect
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
