Hardening ITFlow with Fail2Ban

To help prevent brute force login attempts, ITFlow automatically blocks IP addresses that fail 15 login attempts in 10 minutes. This only applies to logins to the technician portal, but not the API or the Client Portal.

You can use Fail2Ban to help prevent Brute Force attacks against ITFlow using the below steps:

Install Fail2Ban

• sudo apt install fail2ban

Set up a filter

• sudo nano /etc/fail2ban/filter.d/apache-itflow-filter.conf:-

• [Definition]
• failregex = ^<HOST> .+\“ 401 \d+ .*$

Create the jail

• sudo nano /etc/fail2ban/jail.local:-

• [apache-itflow]
• enabled = true
• port = http,https
• filter = apache-itflow-filter
• logpath = /var/log/apache2/access.log
• findtime = 10m
• maxretry = 5
• bantime = 10m

Enable Fail2Ban

• sudo systemctl enable fail2ban
• sudo systemctl start fail2ban

Check it works!

• sudo tail -F /var/log/fail2ban.log