Fail2ban is software to prevent brute-force attacks. This software is written in Python, to run on POSIX systems that have a user interface or firewall installed locally (such as Iptables, etc.). Fail2ban scans the log files and looks for the IP that intends to infiltrate the system and disrupt the server security, and after finding it, will block the IP. The server administrator sets the time for each activity on the server. For example, each person can send a login request to the server up to 3 times with the wrong password. Fail2ban blocks people who have exceeded this time limit, which prevents the creation of multiple logs that involve the server processor. In this article, we are going to teach you about Tutorial Install and Configure Fail2ban on Fedora 33. You can visit the packages available in Eldernode if you want to buy a Linux VPS server.
Table of Contents
How to Install and Configure Fail2ban on Fedora 33
Any service that is somehow accessible from the Internet is potentially vulnerable to hacker attacks. If the service you are using has authentication steps, bots or hackers will try to go through this step by entering different identity information in different ways.
When we talk about a Strix-based VoIP phone system, it is possible for the asterisk, ssh, Cyrus, apache, postfix services to infiltrate these systems through brute force attacks or an attack dictionary.
The fail2ban tool is precisely designed to counter such attacks and actually acts as a kind of intrusion prevention tool. The procedure of fail2ban is such that if the number of requests to enter the service at a certain time exceeds the specified limit, this module will consider the requesting IP as malicious IPs and will blacklist it. In this way, all accesses through that IP will close on existing services.
In the rest of this article, we will teach you how to install and configure fail2ban on Fedora 33. Stay with us.
What is Fail2ban and what does it do?
Fail2Ban is a log file analyzer that can read and analyze your system log files. In the meantime, treat the attackers appropriately according to the events and red lines you specify for Fail2Ban. This tool is developed with the powerful Python language, so it has a good speed. The disadvantage of this tool is that if you define a large number of rules for it, then due to the analysis of several commands simultaneously, it may use a little more than usual server hardware resources. So be careful not to give unnecessary rules to Fail2Ban.
Fail2ban’s main job is to update the firewall rules of the server. This tool works in such a way that it shows sensitivity to your web server log files. For example, if a user enters the wrong password multiple times, or is trying to use an exploit, or finds a hole in your application where it creates an error, information will be stored in your web server log. Of course, some cases require coding to log. This tool obtains information about how each user works by viewing log files. Now, if a user is suspecting according to its rules, updating the firewall information completely blocks that user.
Keep in mind that if the user is malicious, after being locked in the login screen, it can attack other parts of your system. But if he is stopped at the moment through the Firewall, he will be completely disconnected from the server.
Fail2ban works by looking for a pattern for it in the settings defined in the log files. If it finds the pattern, it blocks the corresponding IP address using Firewall. Removes this IP from being blocked after the time specified for it.
Install Fail2ban on Fedora 33 | Fedora 32
In this section, we will explain how to install Fail2ban on Fedora 33. To install Fail2ban, just follow the steps below. In the first step it is necessary to add the EPEL repository using the following command:
sudo dnf install epel-release -y
After successfully adding the Epel repository, you can now easily install fail2ban by running the following command:
sudo dnf install fail2ban -y
You can now start and enable Fail2ban by running the following commands:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
How to Configure Fail2ban on Fedora 33
In this section, we are going to look at how to configure Fail2ban. Note that the Fail2ban configuration files are located in /etc/fail2ban. Install the nano editor on your system using the following command:
sudo dnf install nano -y
If you want to create a new file to watch SSH login attempts, you must use the following command:
sudo nano /etc/fail2ban/jail.local
Now you need to add the following commands to the new file you created:
[sshd] enabled = true port = 22 filter = sshd logpath = /var/log/auth.log maxretry = 3
After you have completed the above steps, you can now save the configuration file and exit it. Then, to apply the changes, you must restart the system once by executing the following command:
sudo systemctl restart fail2ban
How to use Fail2ban on Fedora 33
After you have successfully installed and configured fail2ban, now we want to teach you how to use this software. Here you should experimentally log in to your network using another device using SSH. Then you will enter the password 3 times incorrectly. In this case, the IP of this device should be blocked. Then you will try again to secure the Shell on the Fedora device. But you will see that we are immediately deprived of this work.
Note that after you have successfully tested the system, you can cancel the test IP address with the following command:
sudo fail2ban-client set sshd unbanip IP
For more information on how to use Fail2ban, you can refer to the article How to use Fail2ban to secure Linux Server.
In this article, we tried to fully acquaint you with Fail2Ban software. Then we taught you to step by step how to Install and Configure Fail2ban on Fedora 33. It should be noted that you can refer to the article How to install Fail2Ban to protect SSH on CentOS 8 if you wish.