Brute Force Protection On Ubuntu 12.04

Overview

Protection against spammers and measures that slow down brute force attacks should always be in place, especially with cheap VPS / cloud computing and botnets around. Whilst there is no 100% way of preventing the problem, there is software that helps stop constant attacks. fail2ban is one such tool: it scans logs and detects repeated attacks.

What Is fail2ban

The software scans log files for repeated failed attempts from the same source. Once this is detected, it automatically blocks that source from making further attempts for a period of time. Imagine a friend picks up your phone and keeps entering the wrong pin. They start from 1111, 1112, 1113, etc. By going through every pin combination they will eventually guess your pin and gain access to your phone. One way to slow them down is to add a timeout of 30 seconds after, say, 3 bad attempts. So after the third bad pin entry the phone will not allow any more guesses for 30 seconds (from anyone, including yourself).

Now imagine a computer was trying to do the same thing with a password. It can type a lot quicker than your friend and will guess correctly much sooner. With a timeout each round of guesses takes longer, slowing the attack down. This is the concept behind fail2ban.
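The sketch below is an added example, not fail2ban's own code or code from the original post. It applies the same idea to constructed sshd log lines: count failures per source address inside a time window, ban once a threshold is reached, and lift the ban when it expires. The option names maxretry, findtime and bantime are fail2ban's; the values, the sample log, the year argument and the scan function are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd auth.log style (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
Mar  3 10:00:03 host sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Mar  3 10:00:04 host sshd[413]: Failed password for danny from 198.51.100.9 port 5000 ssh2
Mar  3 10:00:06 host sshd[414]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  3 10:00:07 host sshd[415]: Accepted password for danny from 198.51.100.9 port 5001 ssh2
Mar  3 10:05:00 host sshd[416]: Failed password for root from 203.0.113.7 port 4104 ssh2
Mar  3 10:20:00 host sshd[417]: Failed password for root from 203.0.113.7 port 4105 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def scan(log, maxretry=3, findtime=600, bantime=600, year=2013):
    """Return (events, ignored): ban/unban events and failures seen while banned."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the ban expires
    events, ignored = [], 0
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Lift an expired ban before judging this line.
        if ip in banned_until and ts >= banned_until[ip]:
            events.append(("unban", ip, banned_until.pop(ip)))
        if ip in banned_until:
            ignored += 1            # a real firewall rule would have dropped this
            continue
        window = failures[ip]
        window.append(ts)
        # Keep only failures inside the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            events.append(("ban", ip, ts))
            window.clear()
    return events, ignored

if __name__ == "__main__":
    for kind, ip, when in scan(SAMPLE_LOG)[0]:
        print(when, kind, ip)
```

The single failure from 198.51.100.9 never reaches the threshold, so a user who mistypes once and then logs in is not banned.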

This article will go through installing fail2ban on Ubuntu 12.04.

Install

Install fail2ban:
sudo apt-get install fail2ban

Copy the default configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Basic Configuration

Edit the copied file at /etc/fail2ban/jail.local

Each monitored service usually starts with [name of system], with its configuration underneath. The first section is [DEFAULT], which supplies any setting that an individual section does not customise. The defaults can generally be used as they are. Most of the service checks are disabled, so go through each one and change the enabled parameter from false to true to enable it.

For SSH there’s a [SSH] section. The port defaults to this:
port = ssh
If SSH runs on any port other than the default 22 then change ssh to the port number.

Summary

How To Protect SSH with fail2ban on Ubuntu 12.04

About Danny

An I.T. software professional, always studying and applying the knowledge gained; one way of doing this is to blog. Danny also participates in a part-time project called Energy@Home [http://code.google.com/p/energyathome/] for monitoring energy usage on a premises. Dedicated to I.T. since studying pure Information Technology from the age of 16, Danny Tsang is working in the field that he has aimed for since leaving school.
