Friday, 21 July 2017

How To Install and Configure Fail2Ban on Ubuntu 16.04 LTS

Please note before you start: you need to be root!
When the Apache server is running and enabled, you can go ahead and install fail2ban:
sudo apt-get update ; sudo apt-get install fail2ban
Please note! By default, fail2ban is configured to only ban failed SSH login attempts.
We need to enable some rules that will configure it to check our Apache
logs for patterns that indicate malicious activity.

To enable the jails that protect your Apache, open defaults-debian.conf and add the sections below:
cd /etc/fail2ban/jail.d/ ; sudo nano defaults-debian.conf
[php-url-fopen]
enabled = true
[apache-modsecurity]
enabled = true
[apache-fakegooglebot]
enabled = true
[apache-botsearch]
enabled = true
[apache-nohome]
enabled = true
[apache-overflows]
enabled = true
[apache-noscript]
enabled = true
[apache-auth]
enabled = true

Please note:
To make modifications, we need to copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local.
Please do this so that you are not overwriting the conf file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the newly copied file so that we can set up whatever log monitoring you want:
cd /etc/fail2ban/ ; sudo nano jail.local
Change ignoreip (so you don't ban yourself when testing):
ignoreip = 127.0.0.1/8 YOUR_IP Your_ISP_Net NAT_IP
When you are done:
sudo service fail2ban restart
sudo fail2ban-client status
sudo iptables -S
update-rc.d fail2ban defaults
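
To confirm that every jail enabled above actually loaded after the restart, the following added example (not part of the original post) compares the sections set to enabled = true in a jail file with the "Jail list" line printed by fail2ban-client status. The function names and the sample data are constructed for illustration.

```shell
# Added example: report jails that a jail file enables but that are absent from
# the "Jail list" line. Real use: sudo fail2ban-client status | missing_jails FILE
# Print each section of an INI-style jail file that sets "enabled = true".
enabled_jails() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ { gsub(/^[ \t]*\[|\][ \t]*$/, ""); section = $0; next }
        /^[ \t]*enabled[ \t]*=[ \t]*true[ \t]*$/ && section != "" && section != "DEFAULT" { print section }
    ' "$1" | sort -u
}

# Read status output on stdin and print the running jails, one per line.
running_jails() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t' | grep -v '^$' | sort -u
}

# Print enabled jails ($1 = jail file) that are missing from the status text on stdin.
missing_jails() {
    running=$(running_jails)
    enabled_jails "$1" | while read -r jail; do
        printf '%s\n' "$running" | grep -qxF -- "$jail" || printf '%s\n' "$jail"
    done
}

# Constructed sample data (not from a real host): three jails are enabled,
# but the status output lists only two of them.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/defaults-debian.conf" <<'EOF'
[sshd]
enabled = true
[apache-auth]
enabled = true
[apache-noscript]
enabled = true
EOF
    cat > "$dir/status.txt" <<'EOF'
Status
|- Number of jail: 2
`- Jail list: apache-auth, sshd
EOF
    missing_jails "$dir/defaults-debian.conf" < "$dir/status.txt"
    rm -rf "$dir"
}
demo
```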

You may also install mod_security
ModSecurity is available in the Debian/Ubuntu repository:
apt-get install libapache2-modsecurity
Verify that the mod_security module was loaded:
apachectl -M | grep --color security