
Fail2ban on EC2 maybe not such a good idea?

yidakee

So I'm taking the time to secure my server, fail2ban being a common contender from my readings and suggestions.

But going through some blogs, it seems I can

a) just install and it will do its job "custom"
b) you can use fail2ban to harden your AMI.

Thing is with b) is that, for instance, you can select to only allow your local IP to SSH in, just like security groups in EC2 dashboard. But if your ISP resets your IP for some reason, or a power out in your zone etc... you'll get a new IP. If you harden within the AMI fail2ban rules, no matter what you do, you'll never be able to get in, ever. On EC2 console you can go in and edit your new IP and everything is cool.

So is there a real need for fail2ban, except just the custom setup against force-brute attacks?
 
The main intention of using fail2ban is to prevent brute-force attacks by temp-banning IPs that repeatedly fail to log in. Using it just like that provides a major benefit and won't lock you out (at least for more than a time limit you set.) Restricting it to 1 IP only is just an extra if you are able to safely do so, but not the main reason to use it.
 

Thanks for the explanation mate, I feel a little safer now :cool:
 