Protecting servers with fail2ban – analyze services to protect

After setting up fail2ban its time to check which ports are open. Potentially each open port should be protected using fail2ban.

The easiest way to check for open ports on a linux system is using netstat.  Execute the following command (as root)

The result will look like this:

If local address starts with 127.0.0.1 the process is listening to localhost only, there is no need to protect this service using fail2ban. If the address is listed as 0.0.0.0 the service is listening on all interface – so also on the public IP address. This is a potential candidate to be monitored. Some services might also be configured to listen to one public IP address which is stated then in the local address column. This is a candidate to be protected also.