Fail2ban Setup

Last Edit: 2024.07.30

Debian / Ubuntu

Fedora / Rocky / RHEL

Overview

Install Fail2ban and monitor SSH connection attempts.

Assumptions

Update

Before getting started, update package repositories and apply upgrades for the latest patches.

# Debian
sudo apt update
sudo apt upgrade
# Fedora
sudo dnf check-update
sudo dnf upgrade

Install Fail2ban

Fail2ban is an intrusion prevention software that protects your server from brute-force attacks.

Install Fail2ban via your system package manager.

# Debian
sudo apt install fail2ban
# Fedora
sudo dnf install fail2ban

Verify Fail2ban is enabled so it will start on boot.

sudo systemctl enable fail2ban

Configure Jail

Create a Fail2ban configuration file to monitor SSH connection attempts.

sudo nano /etc/fail2ban/jail.local

In the file, specify the following configuration. This configuration will ban any IP address that makes 3 failed login attempts in 30 minutes for 25 hours. If you changed your SSH port, modify the port configuration accordingly.

# Debian
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# 30 minute findtime
findtime = 1800
# 25 hour ban
bantime = 90000
# Fedora
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
maxretry = 3
# 30 minute findtime
findtime = 1800
# 25 hour ban
bantime = 90000

Restart the Fail2ban service for changes to take effect.

sudo systemctl restart fail2ban