fail2ban

Install & config

sudo apt update
sudo apt install fail2ban

# Create a copy of the Fail2ban configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

This will ban any IP address that fails to authenticate via SSH more than 3 times within 10 minutes (600 seconds).

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
bantime = 2592000 # 30days

Restart the Fail2ban service to apply the new settings

sudo systemctl restart fail2ban
fail2ban-client status sshd # check sshd jail

# test filter reg
sudo fail2ban-regex --print-all-missed /var/log/nginx/error.log /etc/fail2ban/filter.d/nginx-botsearch.conf

unban

# throught config file 
unbanip = x.x.x.x

# release all banned ip 
sudo fail2ban-client unban --all
Last Updated:
Contributors: rosendo