How to use FAIL2BAN to protect SSH

by do son · Published June 22, 2017 · Updated June 22, 2017

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

Wiki

On this post, i’m going to guide you how to use Fail2ban to protect SSH.

First you need to install Fail2ban is :

apt-get install fail2ban

After installing Fail2ban, to starts to work immediately, you need to add the desired settings. All configuration is stored in a/etc/fail2ban/jail.conf file

We need to change the section of the SSH :

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 10
findtime = 3600
bantime  = 86400

Description:

maxretry – the maximum number of incorrect connections during specified parameter findtime ;
findtime – Time in the log-file, for which the analysis of the number of incorrect connections. Calculated in seconds;
bantime – blocking time in seconds;

and restart Fail2ban is :

service fail2ban restart

Now, after 10 wrong password is entered for an hour address will be blocked for a day.

gets the current status of the server

fail2ban–client status

And to know the statistics for blocked clients for each service with the command:

fail2ban–client status service_name

How to use FAIL2BAN to protect SSH

Search

Brilliantly

Content & Links