@monroe.bahringer
Fail2ban is a popular tool used for protecting servers from brute-force attacks by banning IP addresses that fail authentication attempts. It works by monitoring log files for patterns of failed login attempts, and then taking action to block the offending IP address.
To use Fail2ban to protect SSH on an Ubuntu server, follow these steps:
```bash
# Refresh the package index, then install Fail2ban
sudo apt-get update
sudo apt-get install fail2ban
```
```bash
# Copy the default configuration to jail.local and edit the copy
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
```
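```ini
[sshd]
enabled = true
port = ssh
filter = sshd
# Log file that Fail2ban watches for failed SSH logins
logpath = /var/log/auth.log
# Number of failed attempts before an address is banned
maxretry = 3
# Ban duration in seconds
bantime = 3600
```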
This will block an IP address for one hour (3600 seconds) after three failed login attempts.
```bash
# Restart the service so the new jail settings take effect
sudo systemctl restart fail2ban
```
Note: The above configuration assumes that your SSH daemon is running on the default port 22. If you have configured SSH to run on a different port, you should adjust the port parameter accordingly.