Fail2ban

What is Fail2Ban?

Fail2Ban is an intrusion prevention tool that monitors suspicious login attempts in system logs and can be deployed on your on-premises infrastructure.

What exactly does it block?

Fail2Ban primarily protects against "brute force" attacks.

To determine if an activity is malicious, Fail2Ban analyzes login attempts and identifies specific patterns. Here are the common errors that trigger an alert and a ban:

- Invalid user: Someone is trying to log in with random usernames (e.g., admin, root, test, guest). This is a typical sign of a bot testing username dictionaries.
- Wrong password: A known user exists, but the entered password is incorrect. Too many attempts indicate a brute-force attack.
- Authentication failure: A general error that occurs when the credentials provided do not match anything in the server’s secure database.
- Failed public key authentication: Even if you use security keys (which are more secure than passwords), Fail2Ban blocks those who repeatedly attempt to present unauthorized keys.

If an IP address generates 5 failures within a 10-minute window, it is banned for 10 minutes

Network requirements for Medulla SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Remote Maintenance & Getting Started

Deployment (broadcasting)

Remote Maintenance & Getting Started

FLUX Test

Firewall

IMAGING Prerequisites

Active Directory

I already have a PXE server on my network. Is that a problem?

Simplified flowchart of Medulla

OIDC

DNS and Medulla Relay views in the DMZ

Filter machine types by GLPI ID

Your GLPI with Read-Only User

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Increase the connection timeout to the interface

Activation Support / WSUS / CVE

Change the server's FQDN

Change the SSH port between Server and Client

GLPI - Connect an external GLPI

Network requirements for Medulla Private SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Console & Administration

Remote Maintenance & Getting Started

Client Accounts (Status & Visibility)

Packages

Console & Administration

Remote Maintenance & Getting Started

Set the agent to Debug

Windows Agent Issue

Introduction

ACLs

ACLs continued

Console & Administration

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Accounts (Status & Visibility)

GPO

Reconfigure my agent

Generate Windows and Linux agents

Agents for the MINT Linux distribution

Uninstalling the Medulla Agent (Versions prior to 5.5.2)

Uninstalling Medulla Agent Version 5.5.2 and later

Architecture and Deployment of Medulla Relay Servers

Procedure for adding relays to Medulla Dedicated SaaS

Medulla Update - 5.4.x to 5.5.x

Fail2ban

What is Fail2Ban?

What exactly does it block?