Introduction
Fail2Ban protects a server from brute-force attacks by watching service logs and temporarily banning IP addresses that fail authentication too many times. This guide walks you through installing and configuring Fail2Ban to secure your SSH service.
Step 1: Install Fail2Ban
Install Fail2Ban using the following command:
sudo apt install fail2ban
Step 2: Configure Fail2Ban
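Create a local configuration file to override the default settings. Fail2Ban reads jail.local after jail.conf, so values set there take precedence and are not overwritten when the package is upgraded: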
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step 3: Configure the SSH Jail
Edit the SSH jail configuration file:
sudo nano /etc/fail2ban/jail.d/sshd.local
Add the following configuration:
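[sshd]
enabled = true
port = ssh
# With backend = systemd, Fail2Ban reads the journal; logpath is not used by that backend.
logpath = %(sshd_log)s
backend = systemd
# Ban an address once it reaches 5 failures.
maxretry = 5
# Length of a ban in seconds (1 hour).
bantime = 3600
# Only failures within the last 600 seconds (10 minutes) count toward maxretry.
findtime = 600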
Configuration rules for other services can be found in linuxserver/fail2ban-confs.
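How maxretry, findtime and bantime from the jail above interact, as an added example that is not part of the original guide and is not Fail2Ban's own code. It is a simplified sliding-window model; the log pattern, the `simulate` and `sample_line` helpers and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

MAXRETRY, FINDTIME, BANTIME = 5, 600, 3600  # values from the [sshd] jail above

# Simplified pattern for one sshd failure message (assumption: Fail2Ban's own
# sshd filter recognises many more message forms than this).
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+")

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return [(ip, ban_start, ban_end)] (epoch seconds) for the log lines."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not an authentication failure
        ts, ip = datetime.fromisoformat(m["ts"]).timestamp(), m["ip"]
        if banned_until.get(ip, 0) > ts:
            continue  # address is still banned, so nothing new is counted
        window = recent[ip]
        window.append(ts)
        while window[0] < ts - findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

T0 = 1_700_000_000  # arbitrary epoch base for the constructed sample log

def sample_line(sec, ip, msg="Failed password for root"):
    ts = datetime.fromtimestamp(T0 + sec, timezone.utc).isoformat()
    return f"{ts} host sshd[4242]: {msg} from {ip} port 50000 ssh2"

# Constructed log: a fast burst, a slow trickle, and one successful login.
SAMPLE = ([sample_line(s, "203.0.113.7") for s in (0, 60, 120, 180, 240, 300)]
          + [sample_line(s, "198.51.100.9") for s in (0, 250, 500, 750, 1000)]
          + [sample_line(30, "192.0.2.10", "Accepted publickey for admin")])

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned from t+{start - T0:.0f}s until t+{end - T0:.0f}s")
```

With the guide's values only the burst from 203.0.113.7 is banned; the failures spaced 250 seconds apart never put five inside one findtime window, which is the case to keep in mind when tuning maxretry and findtime.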
Step 4: Restart Fail2Ban
Apply the changes by restarting the Fail2Ban service:
sudo systemctl restart fail2ban
Step 5: Verify Fail2Ban Status
Check the overall status of Fail2Ban:
sudo fail2ban-client status
Check the status of the SSH jail:
sudo fail2ban-client status sshd
Step 6: Unban an IP Address
If you need to unban an IP address, use the following command:
sudo fail2ban-client set sshd unbanip <IP_ADDRESS>
Conclusion
By following these steps, you have successfully set up Fail2Ban to protect your SSH server from unauthorized access. Regularly monitor the logs and adjust the configuration as needed to enhance your server’s security.