Installing Fail2Ban to Prevent Brute Force Attacks

Installing Fail2Ban

Fail2Ban monitors your log files and automatically bans IP addresses that show malicious behavior, such as repeated failed login attempts.

Install Fail2Ban

apt install fail2ban -y

Create a Local Configuration File

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Configure SSH Protection

Edit /etc/fail2ban/jail.local and add or update the [sshd] section:

[sshd]
enabled = true
port = ssh
maxretry = 5
findtime = 300
bantime = 3600

With these settings, any IP address that fails SSH login 5 times (maxretry) within 5 minutes (findtime = 300 seconds) is banned for 1 hour (bantime = 3600 seconds).
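
A small simulation of the rule described above, added here as an illustration (it is not Fail2Ban's own code): it replays constructed auth log lines through the maxretry/findtime/bantime logic from the [sshd] section. The regex is a simplified assumption rather than Fail2Ban's actual sshd filter, and the hostname, PID, port and the second IP address are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] section above (findtime and bantime in seconds).
MAXRETRY, FINDTIME, BANTIME = 5, 300, 3600

# Simplified pattern for this demo only; Fail2Ban's real sshd filter is broader.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def simulate(lines, year=2024):
    """Return [(ip, ban_start, ban_end)] for the given auth log lines."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned; the firewall would drop this traffic
        window = recent[ip]
        window.append(ts)
        # Forget failures that are older than findtime.
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            end = ts + timedelta(seconds=BANTIME)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

def _line(hhmmss, ip):
    # Constructed sample line in the usual syslog sshd format.
    return f"Jan 10 {hhmmss} web1 sshd[4242]: Failed password for root from {ip} port 50122 ssh2"

# Constructed input: one burst of 5 failures in 80 seconds, one user with
# 5 failures spread over 40 minutes, and one successful login.
SAMPLE = (
    [_line(t, "203.0.113.100") for t in ("10:00:00", "10:00:20", "10:00:40", "10:01:00", "10:01:20")]
    + [_line(t, "198.51.100.7") for t in ("10:00:00", "10:10:00", "10:20:00", "10:30:00", "10:40:00")]
    + ["Jan 10 10:05:00 web1 sshd[4242]: Accepted password for deploy from 198.51.100.7 port 50122 ssh2"]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only the burst from 203.0.113.100 is banned; the five failures spread over 40 minutes never fall inside one findtime window, which is why findtime and maxretry need to be tuned together.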

Start and Enable Fail2Ban

systemctl enable fail2ban
systemctl start fail2ban

Check Status

fail2ban-client status
fail2ban-client status sshd

Manually Unban an IP

fail2ban-client set sshd unbanip 203.0.113.100

View the Fail2Ban Log

tail -f /var/log/fail2ban.log