How to use FAIL2BAN to protect SSH
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.
In this post, I'm going to show you how to use Fail2ban to protect SSH.
First, you need to install Fail2ban:
After installation, Fail2ban starts working immediately, but you still need to add the desired settings. All configuration is stored in the /etc/fail2ban/jail.conf file.
We need to change the SSH section:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 10
findtime = 3600
bantime = 86400
Description:
maxretry – the maximum number of failed connection attempts allowed within the period set by findtime;
findtime – the time window in the log file over which failed connection attempts are counted, in seconds;
bantime – the blocking time in seconds.
Then restart Fail2ban:
Now, after 10 wrong passwords are entered within an hour, the address will be blocked for a day.
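As an added illustration (not part of the original post and not Fail2ban's own code), the following Python model shows how maxretry, findtime and bantime interact, using the values from the jail above. The log lines, the simplified regular expression and the function names are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [ssh] jail shown above.
MAXRETRY, FINDTIME, BANTIME = 10, 3600, 86400

# Simplified pattern for this example; Fail2ban's real sshd filter covers more cases.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

def simulate(lines, year=2024):
    """Return {ip: (banned_at, unbanned_at)} for the first ban of each address."""
    failures = defaultdict(deque)      # ip -> timestamps of failures still in the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                   # not a failed password attempt
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans:
            continue                   # already banned; only the first ban is modelled
        window = failures[ip]
        window.append(ts)
        # Forget failures older than findtime seconds.
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
    return bans

def sample_log():
    """Constructed auth.log lines: 10 failures each from a fast and a slow source."""
    start = datetime(2024, 3, 14, 2, 0, 0)
    lines = []
    for i in range(10):
        for ip, step in (("203.0.113.7", 5), ("198.51.100.23", 10)):
            t = start + timedelta(minutes=i * step)
            lines.append(f"{t:%b %d %H:%M:%S} host sshd[4242]: Failed password "
                         f"for root from {ip} port 50022 ssh2")
    return sorted(lines)

if __name__ == "__main__":
    for ip, (since, until) in simulate(sample_log()).items():
        print(f"{ip} banned {since} -> {until}")
```

The source that fails every 5 minutes is banned on its 10th attempt, while the one that fails every 10 minutes never has more than 7 failures inside any one-hour window and stays unbanned, which is the trade-off to keep in mind when choosing findtime.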
gets the current status of the server