Fail2ban: protecting Apache without iptables or tcpwrappers

Introduction
There are several ways to protect a Linux box against brute-force attacks. The goal of this article is to stop attackers hammering your Apache server by blocking their IPs, not with iptables or tcpwrappers but with the Apache module mod_rewrite working together with fail2ban. As a side effect we also get protection for sshd. This article is very basic.

Requirements
I assume you already have these packages up and running. You also need a working sendmail.

Check USEs for apache
Check that your apache is compiled with mod_rewrite:

If this prints +apache2_modules_rewrite you are all right. If the line starts with a minus (-), add rewrite to your APACHE2_MODULES in

Re-emerge apache

Get a little script for database update
Get this little perl script from here. Thanks to Scott Wiersdorf (scott@perlcode.org) at perlcode.org. Put it in your /bin directory and make sure its shebang line points at your perl binary.

Make it executable

Create the file.

Make sure it's readable for apache

Install and configure fail2ban
Edit it so that the ssh section uses tcpwrappers, and enable the apache section as well. We will not actually deny apache clients through tcpwrappers; enabling the section is only what makes fail2ban scan the apache log. Also change the other paths and variables to suit Gentoo and your needs.

Edit the file

What this does: when an intruder is detected, its IP is added both to the tcpwrappers deny list used for ssh and to the db-file read by mod_rewrite. Edit the file

Add fail2ban to your default runlevel

Configure apache for mod_rewrite
Add this to your server's configuration.

Launch it all
Restart apache

Start fail2ban

Now, if a visitor on the blocklist tries to access your webserver, he is redirected to his own IP. If he tries to connect to your ssh server, he is denied. Note that mod_rewrite only sees the address of the TCP peer (REMOTE_ADDR), so behind a reverse proxy this setup would block the proxy rather than the attacker.
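The whole ban/unban path described above, as an added example; this is not the wiki's perl script or fail2ban's own code. It assumes a plain text RewriteMap at a hypothetical /etc/apache2/blocklist.txt instead of the page's db file (mod_rewrite re-reads a txt map whenever its mtime changes, so no DB libraries are needed), "sshd: <ip>" entries in /etc/hosts.deny for the tcpwrappers side, and that fail2ban's ban and unban hooks invoke it as "script ban <ip>" and "script unban <ip>" (the hook option names differ between fail2ban versions). The config function prints the matching Apache snippet, which redirects a banned client to its own address exactly as the article describes.

```shell
#!/bin/sh
# Added example, not the wiki's perl script: keep the two lists fail2ban feeds in sync.
# Assumptions (hypothetical, change to taste):
#  - the mod_rewrite map is a plain "txt:" RewriteMap instead of the page's db file, so no
#    DB libraries are needed and mod_rewrite re-reads it whenever its mtime changes;
#  - the ssh side is tcpwrappers, i.e. "sshd: <ip>" lines in hosts.deny;
#  - fail2ban calls "<script> ban <ip>" and "<script> unban <ip>" from its ban/unban hooks
#    (the option names differ between fail2ban versions; use whatever your fail2ban.conf has).
# Both paths can be overridden from the environment, which is also how the script is tested.
BLOCKLIST="${BLOCKLIST:-/etc/apache2/blocklist.txt}"
HOSTSDENY="${HOSTSDENY:-/etc/hosts.deny}"

# Accept only a dotted quad of octets 0-255. The address comes out of a log line the
# attacker partly controls, so never append an unvalidated string to a file sshd trusts.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# Same lookup mod_rewrite performs with ${blocklist:%{REMOTE_ADDR}}: exact match on the key field.
is_banned() {
    [ -f "$BLOCKLIST" ] || return 1
    awk -v ip="$1" '$1 == ip { found = 1 } END { exit !found }' "$BLOCKLIST"
}

ban_ip() {
    ip="$1"
    if ! valid_ipv4 "$ip"; then
        echo "refusing to ban malformed address: $ip" >&2
        return 1
    fi
    # txt map lines are "key value"; the value (ban time) is not used by the rewrite rule
    is_banned "$ip" || printf '%s %s\n' "$ip" "$(date +%s)" >> "$BLOCKLIST"
    # tcpwrappers entry for sshd; -x -F: whole line, literal, so repeated bans add one line only
    grep -qxF "sshd: $ip" "$HOSTSDENY" 2>/dev/null || printf 'sshd: %s\n' "$ip" >> "$HOSTSDENY"
}

unban_ip() {
    ip="$1"
    valid_ipv4 "$ip" || return 1
    for f in "$BLOCKLIST" "$HOSTSDENY"; do
        [ -f "$f" ] || continue
        # field-exact comparison, so unbanning 10.0.0.1 leaves 10.0.0.10 alone; writing back
        # through cat keeps the file's owner and mode, which apache relies on to read the map
        awk -v ip="$ip" '$1 != ip && $0 != ("sshd: " ip)' "$f" > "$f.tmp" &&
            cat "$f.tmp" > "$f" && rm -f "$f.tmp"
    done
}

# Apache side: look REMOTE_ADDR up in the map and send a hit back to its own address.
print_rewrite_config() {
    cat <<EOF
RewriteEngine On
RewriteMap blocklist txt:$BLOCKLIST
RewriteCond \${blocklist:%{REMOTE_ADDR}|NOT_FOUND} !=NOT_FOUND
RewriteRule ^ http://%{REMOTE_ADDR}/ [R=302,L]
EOF
}

case "${1:-}" in
    ban)    ban_ip "$2" ;;
    unban)  unban_ip "$2" ;;
    check)  is_banned "$2" ;;
    config) print_rewrite_config ;;
esac
```

Run "script config" once to get the snippet for your server configuration, then point fail2ban's ban and unban hooks at "script ban" and "script unban". The map file must stay readable by the apache user, which is why unban rewrites the file in place instead of replacing it.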

Other links
http://www.perlcode.org/tutorials/apache/attacks.html
http://en.gentoo-wiki.com/wiki/HOWTO_fail2ban
http://www.fail2ban.org/wiki/index.php