fail2ban is an intrusion prevention framework written in Python that protects Linux systems and servers from brute-force attacks.
monitor the strength and frequency of attacks.
can be set up to block IP addresses automatically based on specific parameters (failed attempts per source IP within a time window).
sudo apt install fail2ban
sudo systemctl enable --now fail2ban.service   (the unit is fail2ban.service, not fail2ban-service; --now also starts it)
ls -al /etc/fail2ban
should create a local jail: /etc/fail2ban/jail.local (not overwritten if fail2ban is updated)
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local   (or create a jail.local containing only the settings you override)
[sshd]
enabled = true        # jail.conf ships this as false; set it to true in jail.local and restart the service
port = ssh            # make fail2ban look after the sshd service
filter = sshd         # uses the patterns in /etc/fail2ban/filter.d/sshd.conf
logpath = /var/log/auth.log   # on systemd-only hosts with no auth.log use "backend = systemd" instead
maxretry = 3          # number of failed attempts allowed within findtime (default findtime is 10 minutes)
bantime = 3600        # seconds an offending IP stays banned
ignoreip = 127.0.0.1 192.168.1.0/24 192.168.1.100/32   # allowlist, never banned (be careful not to lock yourself out; the /32 here is already covered by the /24)
log all the authentication attempts.
restart fail2ban every time you change the jail files:
sudo systemctl restart fail2ban.service   (or: sudo fail2ban-client reload)
check that the service is active and that the sshd jail is running:
systemctl status fail2ban.service
sudo fail2ban-client status sshd   (needs root to reach the fail2ban socket; shows failed/banned counts and the current ban list)
Check which service is listening on which port:
sudo ss -tulpn   (netstat -tulpn still works where net-tools is installed, but it is deprecated)
manually ban / unban an address in the sshd jail (addresses below are placeholders):
sudo fail2ban-client set sshd banip 18.104.22.168
sudo fail2ban-client set sshd unbanip 22.214.171.124
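To see how the jail settings above (maxretry, bantime, ignoreip, and the findtime window) actually interact, here is an added example that models one fail2ban jail in Python and runs it over a few constructed auth.log lines. It is not fail2ban's own code: the regex is a simplified version of one sshd failregex pattern (the real filter in filter.d/sshd.conf has many more), the findtime of 600 seconds is assumed from fail2ban's default, the log lines and hostnames are made up, and banip/unbanip mirror what the fail2ban-client commands do.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone

# Simplified form of one sshd failregex (assumption: fail2ban's real
# filter.d/sshd.conf has many more patterns than this one).
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+"
)


def parse_ts(stamp, year=2024):
    """syslog timestamps carry no year; assume one (UTC) so we can subtract them."""
    dt = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).timestamp()


class Jail:
    """Minimal model of a fail2ban jail: maxretry failures from one host within
    findtime seconds -> banned for bantime seconds, unless the host is in ignoreip."""

    def __init__(self, maxretry=3, findtime=600, bantime=3600, ignoreip=()):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        # ip_network turns a bare address such as 127.0.0.1 into a /32
        self.ignore = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
        self.failures = defaultdict(list)  # host -> timestamps of recent failures
        self.bans = {}                     # host -> ban expiry (unix time)

    def ignored(self, host):
        addr = ipaddress.ip_address(host)
        return any(addr in net for net in self.ignore)

    def banned(self, host, now):
        return host in self.bans and self.bans[host] > now

    def banip(self, host, now):   # like: fail2ban-client set sshd banip <ip>
        self.bans[host] = now + self.bantime

    def unbanip(self, host):      # like: fail2ban-client set sshd unbanip <ip>
        self.bans.pop(host, None)
        self.failures.pop(host, None)

    def feed(self, line):
        """Process one log line; return the host if this line triggers a ban."""
        m = FAILED_RE.match(line)
        if not m:
            return None
        host, now = m["host"], parse_ts(m["ts"])
        if self.ignored(host) or self.banned(host, now):
            return None
        # keep only failures inside the findtime window, then add this one
        window = [t for t in self.failures[host] if now - t <= self.findtime]
        window.append(now)
        self.failures[host] = window
        if len(window) >= self.maxretry:
            self.banip(host, now)
            self.failures[host] = []
            return host
        return None


# Constructed sample of /var/log/auth.log lines (not real log data).
SAMPLE_LOG = """\
Apr 10 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Apr 10 10:00:04 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 10 10:00:07 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Apr 10 10:00:09 web1 sshd[2105]: Failed password for root from 192.168.1.100 port 40012 ssh2
Apr 10 10:00:10 web1 sshd[2105]: Failed password for root from 192.168.1.100 port 40012 ssh2
Apr 10 10:00:11 web1 sshd[2105]: Failed password for root from 192.168.1.100 port 40012 ssh2
Apr 10 10:00:20 web1 sshd[2110]: Failed password for bob from 198.51.100.7 port 33001 ssh2
Apr 10 10:00:25 web1 sshd[2111]: Accepted publickey for alice from 198.51.100.8 port 33002 ssh2
Apr 10 10:30:20 web1 sshd[2120]: Failed password for bob from 198.51.100.7 port 33010 ssh2
Apr 10 10:30:22 web1 sshd[2120]: Failed password for bob from 198.51.100.7 port 33010 ssh2
"""

# The [sshd] settings from the jail.local above (findtime assumed at the default 600 s).
PAGE_JAIL = dict(maxretry=3, findtime=600, bantime=3600,
                 ignoreip=("127.0.0.1", "192.168.1.0/24", "192.168.1.100/32"))


def run(log_text, **jail_opts):
    """Feed every line through a fresh jail; return (jail, hosts banned in order)."""
    jail = Jail(**jail_opts)
    banned = [h for h in (jail.feed(line) for line in log_text.splitlines()) if h]
    return jail, banned


if __name__ == "__main__":
    jail, banned = run(SAMPLE_LOG, **PAGE_JAIL)
    print("banned:", banned)  # only 203.0.113.5: 3 failures in 6 s
    # 192.168.1.100 is covered by ignoreip; 198.51.100.7 never reaches 3 within 600 s
    jail.unbanip("203.0.113.5")
    print("still banned:", jail.banned("203.0.113.5", parse_ts("Apr 10 10:31:00")))
```

Worth noticing in the output: 192.168.1.100 fails three times in a row and is never banned because the /24 in ignoreip covers it, and 198.51.100.7 is never banned because its failures are spread over more than findtime, so a slow attacker needs a longer findtime (or a lower maxretry) to be caught.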