What is Fail2ban? It is software that protects network-facing services such as Apache, Nginx, OpenSSH, Postfix, Asterisk, and so on. Fail2ban protects against brute-force attacks, failed authentication attempts, bad-bot crawling, etc.
1. First, install Fail2ban:
On Debian/Ubuntu:
sudo apt update && sudo apt upgrade -y
sudo apt install fail2ban -y
On CentOS/CentOS Stream:
sudo yum update -y && sudo yum install epel-release -y
sudo yum install fail2ban -y
2. Start and enable the Fail2ban service:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
3. Create a new /etc/fail2ban/jail.local file and add the configuration:
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/24 your_external_address
findtime = 10m
maxretry = 3
bantime = 3600m
For OpenSSH:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
For Nginx:
[nginx-http-auth]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
[nginx-limit-req]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
[nginx-bad-request]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
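The nginx-badbots jail needs a filter of the same name; create it by copying the Apache bad-bots filter (run this in a shell, it is not part of jail.local):
sudo cp /etc/fail2ban/filter.d/apache-badbots.conf /etc/fail2ban/filter.d/nginx-badbots.conf
Then add the jail to /etc/fail2ban/jail.local: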
[nginx-badbots]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
findtime = 10m
maxretry = 1
bantime = 3600m
4. Restart the Fail2ban service:
sudo systemctl restart fail2ban
5. Check how your jails are working:
sudo fail2ban-client status sshd
sudo fail2ban-client status nginx-http-auth
sudo fail2ban-client status nginx-limit-req
sudo fail2ban-client status nginx-bad-request
sudo fail2ban-client status nginx-badbots
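Each jail above relies on a filter file named after the jail, which is why nginx-badbots needed the copied filter. The script below is an added example, not part of the original tutorial: it lists the enabled jails in a jail file that have no filter file of the same name. The function names are illustrative, and it assumes no jail sets an explicit "filter =" option.

```shell
#!/bin/sh
# Added example: report enabled jails that have no filter file of the same name.
# Assumption: no jail sets an explicit "filter =" option (true for this page).

# enabled_jails FILE: print each section name that contains "enabled = true".
enabled_jails() {
    awk '
        /^\[.*\]/ { name = substr($0, 2, index($0, "]") - 2); next }
        /^enabled[ \t]*=[ \t]*true[ \t]*$/ {
            if (name != "" && name != "DEFAULT") print name
        }
    ' "$1"
}

# missing_filters FILE FILTER_DIR: print enabled jails lacking NAME.conf or NAME.local.
missing_filters() {
    enabled_jails "$1" | while read -r jail; do
        [ -e "$2/$jail.conf" ] || [ -e "$2/$jail.local" ] || echo "$jail"
    done
}

# Check the live configuration only when it is present on this host.
if [ -r /etc/fail2ban/jail.local ]; then
    missing=$(missing_filters /etc/fail2ban/jail.local /etc/fail2ban/filter.d)
    if [ -n "$missing" ]; then
        # $missing is left unquoted so the names print on one line
        echo "enabled jails without a filter file:" $missing
    else
        echo "every enabled jail has a filter file"
    fi
fi
```

Run it before restarting the service; Fail2ban's own `sudo fail2ban-client -t` tests the configuration as a whole.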