SSH, SASL, Hackers, and more…

SSH (port 22 if you haven't moved it) and SASL mail authentication will get hammered with brute-force attacks on a regular basis if a system is reachable from the Internet. However, there are ways to mitigate these attacks…

Fail2Ban for Linux-based systems does an excellent job of stopping these kinds of attacks. These instructions are for installing fail2ban on an Ubuntu Server 14.04.

From the command line, with a sudo-authorized account:

sudo apt-get update

sudo apt-get install fail2ban

Copy the config file (edit the copy, not jail.conf, which a package upgrade will overwrite; settings in jail.local take precedence): sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the config: vi or nano /etc/fail2ban/jail.local

bantime defaults to 600 seconds (10 minutes); I prefer 1200 (20 minutes) or 1800 (30 minutes), since most clients that trigger the ban are well deserving.

maxretry defines how many failed attempts within findtime (600 seconds, or 10 minutes) a client may make before triggering the ban. 3 attempts in 10 minutes is a good qualifier for a web server; if it is a production server with multiple users logging in over SSH, you may want to raise the number of attempts.

You can then turn fail2ban on for other services (each has its own jail section, including the SASL mail jail) toward the bottom of the configuration file by setting enabled = true in that jail.
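The following is an added example, not code from the original post: a small script that writes the jail.local overrides described above, reads a setting back so the result can be checked, and then reloads and verifies fail2ban on a live host. It assumes the fail2ban 0.8.x package shipped with Ubuntu 14.04 (jail names [ssh] and [sasl], logs in /var/log/auth.log and /var/log/mail.log) and that the admin network in ignoreip is one you substitute for your own.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes fail2ban 0.8.x as
# packaged for Ubuntu 14.04: jail names [ssh] and [sasl], Ubuntu log paths.

# write_jail_local PATH [BANTIME] [MAXRETRY] [IGNOREIP]
# Writes a jail.local that overrides only the settings we care about;
# everything else keeps coming from jail.conf.
write_jail_local() {
    path=$1; bantime=${2:-1200}; maxretry=${3:-3}; ignoreip=${4:-127.0.0.1/8}
    cat > "$path" <<EOF
[DEFAULT]
# Never ban localhost or the admin network (assumed value; use your own),
# otherwise a mistyped password locks you out of your own box.
ignoreip = $ignoreip
# Shipped default is 600 s; 1200 s (20 min) as recommended above.
bantime  = $bantime
findtime = 600
maxretry = $maxretry

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
# Ubuntu's jail.conf sets maxretry = 6 inside [ssh]; a DEFAULT override
# does not reach a key the jail sets itself, so repeat it here.
maxretry = $maxretry

[sasl]
enabled  = true
port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter   = sasl
logpath  = /var/log/mail.log
EOF
}

# jail_setting PATH SECTION KEY -> prints the value of KEY in [SECTION]
# (first token after "="), so the generated file can be checked.
jail_setting() {
    awk -v sec="[$2]" -v key="$3" '
        $0 == sec { in_sec = 1; next }
        /^\[/     { in_sec = 0 }
        in_sec && $1 == key { print $3; exit }
    ' "$1"
}

# Reload fail2ban and confirm the jail is live; also dry-run the sshd filter
# against the real log to prove it matches this distro's log format.
# Skips quietly when fail2ban is not installed (e.g. on a build host).
apply_and_check() {
    command -v fail2ban-client >/dev/null 2>&1 || { echo "fail2ban not installed"; return 0; }
    sudo fail2ban-client reload
    sudo fail2ban-client status ssh
    sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf | tail -n 5
}

# Usage on the target host (writes the real config, then verifies it):
#   write_jail_local /etc/fail2ban/jail.local 1200 3 "127.0.0.1/8 10.0.0.0/24"
#   apply_and_check
```

The fail2ban-regex step is the check worth keeping: if it reports zero matches against auth.log, the jail is enabled but will never ban anyone, which is the usual reason a "working" fail2ban install still shows brute-force noise in the logs. Test SSH from a second session before closing the first, so a typo in ignoreip cannot lock you out.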
