If you think that someone is trying to brute force your server, it’s important to act fast. Although strong passwords, two-factor authentication, and RSA keys should withstand even the mightiest of brute force attacks, the attempts still waste resources, leaving less for what you actually need your server to do. There is NO reason not to install this FREE program to protect your server.
Installing fail2ban is simple. If you’re on Ubuntu/Debian, just run:
sudo apt install fail2ban
and you’re done with this part! For other Linux distributions, try installing with your distribution’s package manager (e.g. yum, pacman, etc.).
This is where things begin to get complicated. First, move into the fail2ban directory, which on Ubuntu and Debian is at /etc/fail2ban.
Then, copy jail.conf to jail.local, which is highly recommended to prevent your config from being overwritten.
sudo cp jail.conf jail.local
Now, edit jail.local with your favorite editor. Mine is currently nano, so I’ll run:
sudo nano jail.local
Now, look for the lines
# "bantime" is the number of seconds that a host is banned.
bantime = 86400
# A host is banned if it has generated "maxretry" during the last "findtime"
findtime = 1800
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
The values will be different, so set them to whatever you want. The comments should explain everything properly. Now all you need to do is find the “jails” you want to enable, and enable them by simply adding
enabled = true
anywhere in them. A jail looks something like:
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
The filter line is optional if you’re using one of the built-in jails.
By default, fail2ban will use iptables to ban IPs, which won’t work if you’re using UFW. So simply look for the line:
banaction = iptables-multiport
and change it to
banaction = ufw
This will only work if you have a file called ufw.conf in /etc/fail2ban/action.d. If not, you can always get the latest version from GitHub.
Leave any other ways you protect your servers in the comments!