Fail2ban configuration

Fail2ban is a powerful and widely used tool for hardening Linux servers that automatically blocks malicious or suspicious IP addresses. It analyses server logs, detects clients that repeatedly enter a wrong password or perform other malicious actions, and blocks them temporarily or permanently.


1. Installing Fail2ban

Run the following commands in a terminal:

sudo apt update
sudo apt install fail2ban

2. Main configuration files

  • Global configuration: /etc/fail2ban/fail2ban.conf
  • Jail configuration: /etc/fail2ban/jail.conf (the original file; editing it is not recommended)
  • Custom settings: /etc/fail2ban/jail.local (new settings go in this file)

3. A simple configuration example

Create or edit the file /etc/fail2ban/jail.local:

sudo nano /etc/fail2ban/jail.local

For example, to protect the SSH service:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 600
findtime = 600

Notes:

  • enabled — whether Fail2ban is switched on for this service.
  • port — which port to protect.
  • filter — the name of the filter (from /etc/fail2ban/filter.d/) whose patterns are matched against the log.
  • logpath — the path of the log file.
  • maxretry — how many attempts are allowed before the address is blocked.
  • bantime — how long the IP address stays blocked (in seconds).
  • findtime — the time window within which attempts are counted.

4. Starting and checking the Fail2ban service

sudo systemctl restart fail2ban
sudo systemctl enable fail2ban
sudo systemctl status fail2ban

5. Viewing banned IP addresses

sudo fail2ban-client status sshd

The output lists the banned IP addresses.


6. Creating a custom filter

If you want to protect another service or a custom log format, create a new filter file in the /etc/fail2ban/filter.d/ directory.

Example: a simple filter for Apache

Create the file /etc/fail2ban/filter.d/apache-auth.conf. Note that Fail2ban installations normally already ship a filter file with this name; writing this one replaces it.

[Definition]
failregex = Authentication failure for .* from <HOST>
ignoreregex =

Then add the following to jail.local:

[apache-auth]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache2/error.log
maxretry = 3
bantime = 900
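
The following is an added example, not part of the original page and not Fail2ban's own code: a small Python model of how the failregex above, together with maxretry and findtime, turns log lines into a ban decision. The log lines are constructed, the <HOST> expansion is a simplified IPv4-only stand-in, and findtime = 600 is assumed because the [apache-auth] jail does not set it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the page's [apache-auth] jail; findtime is not set there,
# so 600 s (the value used in the [sshd] jail) is assumed.
FAILREGEX = r"Authentication failure for .* from <HOST>"
MAXRETRY, FINDTIME = 3, 600

# Simplified stand-in for Fail2ban's <HOST> tag: IPv4 only (assumption).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TS_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

# Constructed log lines, not real Apache output.
SAMPLE_LOG = """\
[2024-05-01 10:00:00] Authentication failure for alice from 203.0.113.7
[2024-05-01 10:00:30] Authentication failure for bob from 198.51.100.9
[2024-05-01 10:01:00] Authentication failure for root from 203.0.113.7
[2024-05-01 10:02:00] File does not exist: /var/www/favicon.ico
[2024-05-01 10:03:00] Authentication failure for admin from 203.0.113.7
[2024-05-01 10:30:00] Authentication failure for bob from 198.51.100.9
[2024-05-01 10:45:00] Authentication failure for bob from 198.51.100.9
"""

def find_bans(log_text, failregex=FAILREGEX, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: ban time} for hosts reaching maxretry failures within findtime seconds."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_RE))
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        ts, hit = TS_RE.match(line), pattern.search(line)
        if not ts or not hit:
            continue              # no timestamp, or line does not match failregex
        when = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S")
        ip = hit.group("host")
        window = recent[ip]
        window.append(when)
        # Drop failures older than findtime relative to the newest one.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in bans:
            bans[ip] = when
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"would ban {ip} at {when}")
```

On a real host, running fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf checks the actual filter against the actual log before the jail is enabled.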

7. Useful commands

  • Show the overall Fail2ban status:
    sudo fail2ban-client status
  • Show the status of a specific jail:
    sudo fail2ban-client status sshd
  • Ban an IP address manually:
    sudo fail2ban-client set sshd banip 192.168.1.100
  • Unban an IP address:
    sudo fail2ban-client set sshd unbanip 192.168.1.100

8. Conclusion

With Fail2ban you can automatically protect your server from malicious activity. Through correct configuration and monitoring, effectively protecting SSH, Apache, Nginx and other services, server security