Fail2Ban filters to help protect your Apache web servers from scanners such as nmap, sqlmap, nikto, vega, and other vulnerability scanners by blocking the source IP address
Fail2Ban is a type of HIPS (Host Intrusion Prevention System) that analyzes log files and compares them to filters to determine whether the source IP should be blocked based on behaviour or string matches
Contains the Custom Fail2ban Filters
Contains Scripts that enables you to easily see who is banned, Active Web Server Connections and Unban a Specific IP Address
Example of the jail file that contains the custom filters
sudo apt-get update && sudo apt-get install fail2ban -y
cd /etc/fail2ban
sudo yum install epel-release
sudo yum update
sudo yum install fail2ban-firewalld -y
cd /etc/fail2ban
cd /etc/fail2ban
git clone https://github.com/RoqueNight/Fail2Ban-Filters.git
cd Fail2Ban-Filters
chmod +x Install.sh
./Install.sh
You can either replace the jail file, or add the Custom Jail contents to your existing jail.local file if you already have fail2ban filters
mv jail.local jail.local.original
mv Jail.local jail.local
sudo service fail2ban restart
vi jail.local
Paste the following:
[apache-nohacking]
enabled = true
port = http,https
filter = apache-nohacking
logpath = /var/log/apache2/*access.log
maxretry = 1
[apache-osinjection]
enabled = true
port = http,https
filter = apache-osinjection
logpath = /var/log/apache2/*access.log
maxretry = 1
Press ESC, type :wq and press Enter to save and exit
Note: Replace the logpath with /var/log/httpd/access.log when using CentOS
maxretry = 1 means that a single match is enough for the source IP to be blocked, which prevents the attacker from doing any other type of information gathering on your web server
sudo service fail2ban restart
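How a jail with maxretry = 1 turns a single filter match into a ban, shown as an added example that is not part of this repository. The failregex, the simplified <HOST> expansion and the log lines are constructed for illustration and are not the contents of the apache-nohacking filter.

```python
import re
from collections import defaultdict

# Hypothetical failregex in fail2ban syntax, NOT the repository's filter:
# flags a combined-format access log line whose User-Agent names a scanner.
FAILREGEX = (r'(?i)^<HOST> \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
             r'"[^"]*" "[^"]*(?:sqlmap|nikto|nmap)[^"]*"$')

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only in this sketch).
HOST_GROUP = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"',
    '192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"',
    '203.0.113.7 - - [10/Oct/2023:13:56:10 +0000] "GET /index.php?id=2 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
]

def compile_failregex(failregex):
    """Expand <HOST> into a named group, as fail2ban does before matching."""
    return re.compile(failregex.replace('<HOST>', HOST_GROUP))

def banned_hosts(lines, failregex=FAILREGEX, maxretry=1):
    """Return hosts in the order they reach maxretry matches.

    The findtime window is ignored here; every match counts.
    """
    pattern = compile_failregex(failregex)
    hits = defaultdict(int)
    banned = []
    for line in lines:
        match = pattern.match(line.strip())
        if not match:
            continue
        host = match.group('host')
        hits[host] += 1
        if hits[host] >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == '__main__':
    print('maxretry=1:', banned_hosts(SAMPLE_LOG, maxretry=1))
    print('maxretry=2:', banned_hosts(SAMPLE_LOG, maxretry=2))
```

To check the installed filters against a real log, fail2ban ships the fail2ban-regex tool, which takes a log file and a filter file as its two arguments.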
cd /etc/fail2ban/
chmod +x View_Banned.sh
./View_Banned.sh
cd /etc/fail2ban/
chmod +x Un_Ban_IP.sh
./Un_Ban_IP.sh
cd /etc/fail2ban
chmod +x Active_Connections.sh
./Active_Connections.sh