4

I've just bought a new dedicated server. Should I install fail2ban if I am only using SSH keys to login? What else does fail2ban protect? What are the advantages and disadvantages of fail2ban? Is there a better alternative?

I have also disabled root logins and installed sudo. It is an Arch Linux server supplied by OVH. I intend to install nginx and gitolite.

Alex Chamberlain
  • 143
  • 1
  • 2
  • 9
  • 1
    Yes, no, I don't know. There's no way to answer this question. It's like asking "I've just left work, should I go eat a pizza if I'm only reading Sophie's Choice?". I don't know, are you hungry? Do you like pizza? Is your wife cooking something today? How many times have you eaten out this week? – Adi Aug 14 '13 at 20:48
  • @Adnan I'm not sure I entirely understand. https://wiki.archlinux.org/index.php/Fail2ban suggests it is unnecessary, but over the years I have read many great things about fail2ban and other similar software. I would like the opinion of the experts here, before I make my decision. – Alex Chamberlain Aug 14 '13 at 20:54
  • 1
    Sorry, your question is still unanswerable. It all depends on your case. What are you planning to do with your server? – Adi Aug 14 '13 at 20:58
  • @Adnan I'll be using it for a low traffic, static blog. There will also be several git repos mirrored. – Alex Chamberlain Aug 14 '13 at 21:00
  • If anything it cuts down on your logs. – k to the z Aug 14 '13 at 21:47
  • 1
    Puppies are not just for Christmas - Fail2ban is not just for ssh – symcbean Aug 15 '13 at 10:54
  • @symcbean I will add that to my question... – Alex Chamberlain Aug 15 '13 at 16:30
  • Adnan is making a valid point and I think you'll have more success if you re-word your question. Your decision to use or not use fail2ban belongs to you and should be judged on the level of risk you feel comfortable with. The question you should have for this group is about the pros/cons of fail2ban when used alongside other mitigations such as ssh keys and no root logins. Consider this as an alternative question title "What are the pros and cons of using fail2ban when using SSH key auth?" – u2702 Aug 16 '13 at 16:07
  • @u2702 That is what I meant, of course. I will change the title. – Alex Chamberlain Aug 19 '13 at 12:16

1 Answers1

3

Since it varies on a case-to-case basis, there is no perfect answer to your question.

Yet, from an information security point of view, installing fail2ban (or any alike solution) would definitely add an additional layer of security... and that's something you can regard to always be a good decision.

My 2 cents: just go ahead and do it. In the end, you're better safe than sorry.

e-sushi
  • 1,306
  • 2
  • 14
  • 41
  • I kind of agree, but if the OP has no problems with DoS or repeat malicious visitors, then there isn't much need. – Rory Alsop Aug 14 '13 at 21:39