Fail2ban Setup
Debian / Ubuntu
Fedora / Rocky / RHEL
Overview
Install Fail2ban and monitor SSH connection attempts.
Assumptions
Initial System Setup completed.
Logged in as administrative user.
Update
Before getting started, update package repositories and apply upgrades for the latest patches.
# Debian
sudo apt update
sudo apt upgrade
# Fedora
sudo dnf check-update
sudo dnf upgrade
Install Fail2ban
Fail2ban is intrusion prevention software that protects your server from brute-force attacks.
Install Fail2ban via your system package manager.
# Debian
sudo apt install fail2ban
# Fedora
sudo dnf install fail2ban
Enable Fail2ban so it will start on boot.
sudo systemctl enable fail2ban
Configure Jail
Create a Fail2ban configuration file to monitor SSH connection attempts.
sudo nano /etc/fail2ban/jail.local
In the file, specify the following configuration. This configuration bans, for 25 hours, any IP address that makes 3 failed login attempts within 30 minutes. If you changed your SSH port, modify the port configuration accordingly.
# Debian
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# 30 minute findtime
findtime = 1800
# 25 hour ban
bantime = 90000
# Fedora
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = %(sshd_log)s
maxretry = 3
# 30 minute findtime
findtime = 1800
# 25 hour ban
bantime = 90000
Restart the Fail2ban service for changes to take effect.
sudo systemctl restart fail2ban
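To see how maxretry, findtime and bantime interact, the following added example (not part of the original guide and not Fail2ban's own code) replays constructed auth log lines through a simplified model of the jail above. The regular expression, the sample lines and the function name simulate are assumptions made for illustration; Fail2ban's real sshd filter matches many more message variants.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the [sshd] jail on this page.
MAXRETRY = 3
FINDTIME = timedelta(seconds=1800)   # 30 minutes
BANTIME = timedelta(seconds=90000)   # 25 hours

# Simplified pattern for failed sshd password logins (illustrative only).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample lines using documentation IP ranges, not real log data.
SAMPLE_LOG = """\
Mar  4 10:00:01 host sshd[901]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  4 10:05:10 host sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  4 10:06:00 host sshd[903]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  4 10:07:30 host sshd[904]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  4 10:20:45 host sshd[905]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar  4 10:21:00 host sshd[906]: Failed password for root from 192.0.2.55 port 33001 ssh2
Mar  4 10:40:00 host sshd[907]: Failed password for root from 192.0.2.55 port 33002 ssh2
Mar  4 11:00:00 host sshd[908]: Failed password for root from 192.0.2.55 port 33003 ssh2
"""

def simulate(log_text, year=2024):
    """Return {ip: (banned_at, unban_at)} for the given auth log text."""
    failures = defaultdict(deque)    # ip -> failure times inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and other lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                 # address is still banned at this time
        window = failures[ip]
        window.append(ts)
        # Forget failures older than findtime relative to the newest one.
        while ts - window[0] > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans
```

In the sample, 192.0.2.55 also fails three times, but its first failure has aged out of the 30 minute window by the third, so the count never reaches maxretry; this is the trade-off to keep in mind when tuning findtime. On the server itself, sudo fail2ban-client status sshd lists the addresses the jail currently bans.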