Protect your SSH server with Fail2Ban on Ubuntu
# apt-get update
# apt-get install fail2ban
- ignoreip: A single IP address, a mask or a host name. IP addresses listed here are excluded from banning and will always be allowed to access the server.
- bantime: The time (in seconds) that a host is blocked from the server if it is found to be in violation of any of the defined rules. The default is 600 (10 minutes), but it should be increased to at least 30 minutes.
- maxretry: The number of incorrect login attempts allowed for a client before it is blocked from accessing the server. The default is 3.
- backend: Specifies the backend used to detect file modifications. It should be set to “auto”.
- destemail: The email address that receives a notification when an IP address is banned.
banaction = iptables-multiport
protocol = tcp
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
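
How maxretry, bantime and ignoreip interact can be modelled in a few lines of Python. This is an added example, not Fail2Ban's own code: the log lines are constructed, find_bans is a hypothetical helper, findtime (Fail2Ban's counting window, not covered above) and the year are assumptions, and ignoreip here accepts only addresses and masks, not host names.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth.log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Mar  1 10:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  1 10:00:05 web1 sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  1 10:00:06 web1 sshd[1003]: Failed password for alice from 192.0.2.10 port 5001 ssh2
Mar  1 10:00:07 web1 sshd[1004]: Failed password for alice from 192.0.2.10 port 5002 ssh2
Mar  1 10:00:08 web1 sshd[1005]: Failed password for alice from 192.0.2.10 port 5003 ssh2
Mar  1 10:00:09 web1 sshd[1006]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  1 10:00:10 web1 sshd[1007]: Failed password for alice from 192.0.2.10 port 5004 ssh2
Mar  1 10:00:12 web1 sshd[1008]: Accepted password for alice from 192.0.2.10 port 5005 ssh2
Mar  1 10:00:15 web1 sshd[1009]: Failed password for root from 203.0.113.7 port 4004 ssh2
Mar  1 10:05:00 web1 sshd[1010]: Failed password for bob from 198.51.100.20 port 6001 ssh2
Mar  1 10:20:00 web1 sshd[1011]: Failed password for bob from 198.51.100.20 port 6002 ssh2
Mar  1 10:21:00 web1 sshd[1012]: Failed password for bob from 198.51.100.20 port 6003 ssh2
Mar  1 10:22:00 web1 sshd[1013]: Failed password for bob from 198.51.100.20 port 6004 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log_text, maxretry=4, findtime=600, bantime=1800,
              ignoreip=("127.0.0.1/8",), year=2024):
    """Return {ip: (ban_start, ban_end)}; findtime and year are assumptions."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent, bans = defaultdict(list), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not a failed SSH login
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in allowed):
            continue  # ignoreip: never counted, never banned
        if ip in bans and when < bans[ip][1]:
            continue  # still inside bantime; the firewall would drop this host
        # keep only failures inside the findtime window, then add this one
        recent[ip] = [t for t in recent[ip]
                      if (when - t).total_seconds() <= findtime] + [when]
        if len(recent[ip]) >= maxretry:
            bans[ip] = (when, when + timedelta(seconds=bantime))
            recent[ip] = []
    return bans
```

With ignoreip set to 192.0.2.10, only 203.0.113.7 is banned: 198.51.100.20 also fails four times, but its first failure falls outside the counting window, so it never reaches maxretry.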